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Dear Reader, 


The free software community loves it when FOSS projects 
find a place in the IT cosmos. When people who have 
never used Linux start talking about tools like LibreOffice 
and MariaDB, we get a warm feeling of accomplishment. 
However, many open source projects are maintained by 
for-profit entities, and once in a while, they fall off the 
open source wagon. 


There is still a large army of old-school business people 
who don't get open source. What? You're giving away 
your source code? What's the point of that? How do you 
“extract value” from it if everybody can use it? You would 
think we would be done with this question by now, but ac- 
tually it as gotten worse in recent years, due to the recent 
epidemic of large companies using open source code 
without contributing. 


Many suit-and-tie MBA types regard free software as a 
hippie kind of thing, full of unrealistic hopes and circle-of- 
love kumbaya singing at the expense of good business. 
These self-styled “realists” should take a careful look at a 
recent study by the analyst firm Redmonk on the success 
of so-called “rug pull” events, where a company takes an 
open source project out of open source in an attempt to im- 
prove the financial position of the company. The study [11, 
by Redmonk senior analyst Rachel Stephens, tried to deter- 
mine if making open source code proprietary actually 
helps the company. Stevens looked at four software proj- 
ects that had recently changed from an open source license 
to a more restrictive license: MongoDB, Elasticsearch, 
Terraform, and Confluent. The goal was to determine 
whether the move away from open licensing has led to 
any discernible change in the parent company's trajectory 
in terms of revenue or market capitalization. 


Unsurprisingly (at least for the FOSS community) the 
study could find no clear link between closed-sourcing and 
revenue. Some of the companies experienced revenue 
growth; however, they were growing anyway, and the 
change didn't seem to affect the rate of growth. Market 
capitalization seems a little less useful as an indicator - a 
company's value is subject to all the fads, trends, and 
prejudices that inhabit the stock market, including the 
prejudices of suit-and-tie MBA types. But even with the 
market capitalization indicator, the results were inconclusive: 
Mongo seems to have gained value. HashiCorp (maker of 
Terraform) and Confluent have seen their market capital- 
ization drop. Elastic picked up value for a while, then it 


Info 


[11 Software Licensing Changes and Their Impact on Financial 


Outcomes: |https://redmonk.com/rstephens/2024/08/26, 


dropped, and now it seems to be drifting back. Net income 
(perhaps the most useful indicator) shows almost no 
significant benefit from the licensing change. 


The Redmonk study offers insights on the true value of 
open source projects for the parent company. A popular 
open source project can make a company really famous 
really fast. Would companies like Mongo and Elastic have 
even gotten out of the starting gate without their powerful 
open source applications? But then at the time when 
shareholders start clamoring for more revenue and 
market share, the company faces some important 
choices. If you close the source, will the industry follow, 
or will itturn to a different tool? Will you replace the free 
testing and bug hunting you're receiving from the open 
source community with paid employees, and if so, will 
this expense offset any potential benefits? If you can no 
longer use “Avoid Vendor Lock-in” in your sales materials, 
what will you replace it with? 


| know it must be very annoying for a small company to 
contribute a useful code base to the community and then 
watch a multi-billion-dollar cloud vendor use the code 
without giving anything back. On the other hand, a multi- 
billion-dollar cloud vendor using your code provides name 
recognition and gravitas to the company that would other- 
wise be difficult to attain. In the end, the results of the 
study were inconclusive, which 

means it probably won't settle 
any arguments. But the next 
time these “realists” tell you 
closing the source is good 

for business, tell them to 
check the numbers. 


Se 
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Editor in Chief 
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ON THE COVER 


44 Ubuntu autoinstall 
Ubuntu's YAML-based auto-installation method 
is tailored for today's cloud environments. 


50 Transcoding with CasaO0S 


Online transcoding tools are fine for a single file, 
but when you need to convert a stack of videos, 
why not speed things up with some automation? 


Hijacking Browsers 

Do you think attackers only pick on servers? A 
pen test tool called BeEF shows what they can 
do with a browser in their sights. 


News 
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e Deepin 23 Offers Wayland Support and New Al Tool 
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Kernel News 


* Supporting Older Tools 
e Kernel Bug or Compiler Bug? 


COVER STORIES 


Domoticz 

The open source Domoticz home automation platform 
offers a lightweight, efficient, and highly customizable 
solution for managing smart devices in the home. 


OpenHAB is an open-source facility-automation platform 
that lets you network your smart devices independently of 


vendor or protocol. 


E27 Smart Home 
Connect a Rotex heat pump with a Raspberry Pi and 
integrate it into a smart home solution. 


62 Raspberry Pi Al Kit 
Get the components you'll need to experiment 
with Al on the Pi. 


Weather Station 
We spin up a homegrown solution for displaying 
and storing weather data. 


72 


Yazi 

In you like the speed of a text-based file 
manager but miss the graphic conveniences, 
check out this innovative terminal offering. 


Distro Walk — BOSS Linux 
Developed with the goal of bridging the digital divide in India, 
BOSS Linux offers an easy-to-use distribution for all users. 


IN-DEPTH 


“YH Ubuntu autoinstall with cloud-init 
The automatic installation method rolled out with Ubuntu 


22.04 borrows some tools from the cloud configuration 
toolbox. We'll show you how to get started. 


48 Command Line — DebPostinstall 
DebPostinstall takes the drudgery out of Debian installations. 
119 Transcoding with CasaOS 


Transcoding your video library with CasaOS, HandBrake, 
FileBrowser, and HAProxy. 


yA Hijacking Browsers 
Bits of JavaScript from a malicious website can put your 
browser in a trance. A tool called BeEF encapsulates that 
power in a most diabolical way. 


$2 Machine Learning Workshop — Raspberry Pi 
Al Kit 
Raspberry Pi enters the artificial intelligence accelerator 
fray with a low-cost solution. 


66 Programming Snapshot — Go Code on GitHub 
Go makes it easy to bundle universal code into a package 
and share it with the world on GitHub. 


If you listen to megavendors 
like Google and Amazon, the 
only path to a smart home LINUXVOICE 

is through the cloud, but the 79 Welcome 

Linux community has a better 
way. We'll show you some open 
source smart home tools with no 


81 Doghouse — Real Values 
A great part of early Linux was the fun — of 
programming, sharing, meeting others — and it's 
worth cultivating now. 


cost and no spying. 


This month Nate looks at COSMIC Epoch 1, Picker, 


Freeciv2 1, Flameshot, TextBin, Tuba, Proton VPN, and 
Maker5pace an 


¡PA Weather Station 


A DVB-T stick retrieves information from a professional 


59 Tutorial — Yazi 
This fast and flexible file manager offers command- 
line speed with some GUI-like conveniences. 


weather station and stores it in a database for downstream 
processing. 


Raspberry Pi 5 Case 
The official Raspberry Pi 5 case is not 
the perfect solution for all 
applications, so it makes 
perfect sense to design and 
3D print your own case. 
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This Month's DVD 


Rocky Linux 9.4 and MX Linux MX-23.3 
Two Terrific Distros on a Double-Sided DVD! 


A Rocky Linux 


8,4 Minirnal 
E-t-al4 


A 


LINUX 


Rocky Linux 9.4 
64-bit 

Rocky Linux is a community-based alternative to Red Hat 
Enterprise Linux (RHEL). For users' convenience, its 
release versions parallel those of RHEL, and it includes 
a migration tool, migrate2rocky, for those who wish to 
switch from RHEL. Rocky's releases usually occur within a 
week or two of RHELs releases. Both are geared toward 
large deployments rather than single-user installations. 


Rocky Linux's 9.4 release includes enhanced options for 
its image builder, including custom mount points and 
partitioning modes. lt also features updates to a variety 
of security features, ranging from new deny rules for 
SELinux user space and the ability to install Keylime's 
verifier and registrar as containers, to the ability to create 
a directory for provider-specific configuration files in the 
OpenSSL TLS toolkit and support for modern PostgreSOL 
clients. Rocky Linux 9.4 also supports the latest releases 
of popular programming languages and numerous 
enhancements and upgrades to container management. 
Ifthis seems like an unusually large number of changes 
for a point release, it is probably due to Rocky Linux's 
ongoing efforts to offer a complete RHEL replacement 
without direct access to RHEL source code. 


MX Linux L 
Mx-233 


MX Linux MX-23.3 
64-bit 

MX Linux is a joint venture between the antiX and 
MX Linux distributions. The result is the only 
community-based, one-stop shopping site for 
Linux hardware and software, with a homepage 
that includes links to hardware providers, 
community support, and cloud services. 
MX-23.3 (Libretto) is based on Debian 12.5. In case 
users need to compile a driver but cannot get online, 
all images include “build-essential” files. Images 
also include PipeWire, as well as updated manuals 
and increased language support. MX Linux is aimed 
primarily at individual users and what they need to 
get up and running. 
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25th anniversar! 


Thank You for All 
Your Support! 


Linux Professional Institute (LPI) celebrates its 25th anniversary in 2024. To mark this 

milestone, we are offering something special: From October to December 2024, every 
25th candidate who takes one of our exams will receive a free voucher for their next 
exam. Thank you for supporting LPI! Celebrate 25 years of promoting Linux and open 
source expertise with us and advance your 1T career! 


Find cut more about 
Linux Professional Institute 
and our anniversary ar Ipi.orgó25 
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) + New KDE Slimbook 
Plasma Available for 
Preorder 

e Rhino Linux Announces 
Latest “Quick Update” 


e Plasma Desktop Will Soon 
Ask for Donations 


e Linux Market Share Hits 
New High pro KDE Slimbook Plasma Available 


ne one for Preorder 


1 (+ LibreOffice 24.8 Delivers 


“Y New Features All about power, the latest KDE Slimbook features an AMD 8845HS with CPU 8 
e Deepin 23 Offers Wayland cores, 16 threads, and up to 5.1GHz and 24MB cache. You'll also find an AMD 
Support and New Al Tool 780M GPU, with 12 cores and RDNA 3 and NPU, ready for local Al. While the 
mn Slimbook does not ship with Al software preinstalled, it does mean the hardware 
(| í e CachyOS Adds Support is ready for Al. With this latest iteration, you can get up to 96GB of RAM (DDR5 
cil for System76's COSMIC 5600MHz), so you can imagine how fast the Plasma desktop will perform. 
Desktop Other features include an 83 Wh battery, four speakers, a full aluminum chassis, 
e Linux Foundation Adopts a 16" Wide Quad XGA display (2560x1600, 16:10, sRGB 100%, 120Hz, 400 nits), 
OMI to Foster Ethical LLMs 2 x PCle 4.0, and the Plasma 6.1 desktop environment (which also includes the 


LibreOffice office suite). The base system includes 16GB of RAM, a 250GB NVMe 
drive, and the KDE Neon distribution. 

The base price for the KDE Slimbook VI at launch is EUR1,099 (-$1,213) and, 
of course, you can upgrade it as needed. For a fully-spec'd out version (with 
96GB RAM and 2 x 4T1B Samsung 990 Pro drive), the cost jumps to EUR2,310 
(-$2,550). 


The new SpioR can be pre crasrss ( 
; A) now from the 


Slimbook a and will emp near the Sad of October 2024. 


B Rhino Linux Announces Latest ' "Quick Update” 


Rhino Linux has delivered a new release, version 2024.2, just two months after the 
previous one with some serious updates. 

Based on Ubuntu, Rhino Linux leverages the Pacstal package manager for in- 
stalling tons of applications, as well as sane defaults and a highly customized 
Xfce desktop environment. 

With the latest release, there's a new Unicorn theme with a brand new GTK/ 
XFWM4/Kvantum default theme to replace the older Yaru-Purple scheme. The new 
theme is a significant improvement over the previous one. 

Along with the new theme, you'll find a much improved Setup Wizard that in- 
cludes a significant number of containerized options, a new package manager, 
and the option to add Night Shift. Other options include the Nix package manager, 
Docker, Podman, Flatseal, Distrobox, VirtualBox, Oemu, and Redshift. 

Pacstall also has benefited from the update with the addition of PkgBase splitting 
that allows the building of multiple individual packages from a single pacscript. 


Rhino Linux 2024.2 ships with kernel 6.10.7 for the generic ISO images, kernel 
6.9.0-okpine for Pine64 images, and kernel 6.8.0-raspi for Raspberry Pi images. 

You can read more about the latest release in the official announcement 
(httos://rhinolinux.org/news-15.htmi) and download an ISO from the Rhino Linux 
download page (https://rhinolinux. org/download.html). 


fl Plasma Desktop Will Soon Ask for Donations 


Plasma desktop is one of the more popular Linux desktops on the market. Like 
most Linux desktops, Plasma is free, which means the development team relies 
on donations. The problem with that has been the challenge of knowing where 
to donate. 

The Plasma development team has a solution in the form of a yearly pop-up 
reminder to encourage users to donate. This new feature doesn't mean you 
have to donate to the cause; it just means ¡t'll be easier to do so. 

According to Plasma developer, Nate Graham lhttps.//oointieststick| 
lcom/2024/08/28/asking-for-donations-in-plasma/f, the team asks for donations to 
cover things like web and server hosting, organizing and hosting larger Akademy 
events, funding more frequent and larger sprints, and paying people to work on 
things not focused on by the volunteer community. 

Nate states, “If you're plugged into KDE social media, you probably see a lot of 
requests for donations. | end every one of my “This Week in KDE' posts with one, 
and many others do for their own blog posts as well. KDE's official social media 
channels blast it out constantly, and we also do yearly fundraisers that are widely 
promoted online. If you're reading this, you may get the impression that we're 
always begging for cash!" 

The problem is that not all Plasma users are plugged into those communications 
channels, which inspired the idea for the yearly pop-up. 

Other new features for version 6.2 include the ability to block apps from inhibiting 
sleep mode, a new “fill” mode for wallpaper, an overhauled System Settings Acces- 
sibility page, and the usual slew of bug fixes. 


A Linux Market Share Hits New High 


According to Statcounter 
[Worldwidd,, Linux desktop market share has reached an all-time high of 4.44 
percent in July. This is up from 4.04 percent in June, which was an increase 
from May at 3.77 percent. In fact, the Linux market share has been slowly creep- 
ing upward and that trajectory should continue to rise. At ¡ts lowest point in 2023, 
Linux was at 3.12 percent (July). Before July 2024, the peak was December at 
3.83 percent. 

Compare that to macOS and you see a completely different trend, where Apple's 
OS peaked at 21.01 percent in November 2023 and has steadily fallen to 14.92 
percent in July 2024. 

There are several possible reasons for this change. First is the growing frustration 
with Windows 11 (such as forced ads and Al). As for macOS, the continued rising 
cost of Apple hardware makes using the OS a challenge for many people. Also, the 
popularity of the Steam Deck (which is powered by Linux) has given the open 
source OS a considerable bump in popularity. lt doesn't hurt that just about any re- 
cent version of Linux is viable, even for new users. 

If this trend continues, it's not out of the realm of possibility that Linux will hit 
5 percent by the end of 2024 and could even inch closer to double digits by the 
end of 2025. The possibility of Linux finally surpassing macOS's market share 
has become a reality (as macOS continues to drop and Linux continues to rise). 

It's also important to understand that the 4.44 percent could be an underesti- 
mate of Linux usage, as Statcounter depends on website trackers to collect 
data. Since many Linux users go to great lengths to retain their privacy, it's pos- 
sible several thousands of Linux instances aren't being registered. That number 
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could already be at or over 5 percent. Keep checking Statcounter to see how this 
trend continues. 


ALibreOffice 24.8 Delivers New Features 


LibreOffice 24.8 is officially available for installation and includes a new privacy 
feature that will appeal to many Linux users. 

This new feature ¡s centered around privacy and makes ¡t easy for users to re- 
move personal information from documents. Said information includes author 
names, timestamps, editing duration, printer name and configuration, document 
template details, author and date of comments, and tracked changes. Given how 
security and privacy have become a critical aspect of computing in the modern 
era, this is an especially important feature. LibreOffice is now the only office 
suite on the market that respects the privacy of the user, while also retaining a 
feature set that is comparable to the competition. To use this new feature, you 
only have to enable Tools | Options | LibreOffice | Security | Options | Remove 
personal information on saving. Once you've done that, no personal information 
will be exported. 

Other new features/improvements include better handling of character format- 
ting, cross-references for drag-and-drop items, better hyphenation, new functions 
for Calc (FILTER, LET, RANDARRAY, SEQUENCE, SORT, SORTBY, UNIQUE, 
XLOOKUP and XMATCH), the ability to scroll between slides in Impress, new 
chart types (such as Pie-of-Pie and Bar-of-Bar), accessibility improvements, and a 
new mode for password-based ODF encryption. 

You can read more about the latest release from the official LibreOffice notes 
Ihttps://blog. documentfoundation.org/blog/2024/08/22/libreoffice-248/) and then 
download the installer from the LibreOffice download page (https://wwwlibreoffice! 
org/download/download-libreoftice). 


a 23 Offers Wayland Support and 
New Al Tool 


The latest release of Deepin brings significant updates to the OS, including a new 
version of the Deepin Desktop Environment, Al, the Linyaps application ecosystem, 
and the Deepin IDE. 

Liu Wenhuan, founder of the Deepin Community, had this to say about the 
new release, “We don't consider simply adding or removing a few upstream ap- 
plications, modifying the language, wallpaper, or adjusting the application layout 
to be a genuine version update of an operating system. We aspire that every 
major version update contains a wealth of features truly needed by users and in- 
novative content to push the boundaries of what a Linux desktop distribution can 
achieve, making it as powerful as commercial operating systems like Windows 
and macOS.” 

The developers certainly did deliver. First off, there's Wayland support, for a more 
responsive and secure experience. Deepin 23 ships with both Wayland and X11, so 
users can switch between them should the need arise. 

There's also a new package format, called LingLong, which was created by the 
Deepin developers to solve compatibility ¡issues caused by complex dependencies. 
There's also the LingLong Repair Tool to fix apps that fail after a system upgrade. 
The next big ticket item is UOS Al, which includes a global search function, an 
Al-powered email app (Mailbox), and an Al-injected web browser to offer users a 
similar experience to that of Microsoft's Copilot. 

You'll also find updated avatars, an improved upgrade tool, new wallpapers, an 
improved music app, Linux kernels 5.15 and 6.6, and more. 

You can read about all of the changes in the official changelog (https. //www.deepin) 
-released/) and download an ISO from the official E 


ttos://www.deepin.org/en/downloaa/|. 
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o Adds Support for System?76's 
COSMIC Desktop 


If you're a fan of testing alpha releases (especially in the realm of desktops), then 
CachyOS has something pretty exciting for you. The August 2024 ISO snapshot of 
this Arch-based Linux distribution will include the first alpha of System76's COSMIC 
desktop. 

l've tested this desktop environment on both Fedora and Pop!_OS. Somewhat 
Gnome-ish in look and feel, COSMIC should be a simple desktop to try for anyone 
who's worked with a modern Linux user interface. 

The CachyOS developers will be following the upstream release of COSMIC for 
packaging, with packages based on the latest commit available (though not used for 
installation). 

On top of including COSMIC desktop, the next release of CachyOS also includes 
the NVIDIA 560 Beta graphics driver that defaults to open source kernel modules. 
CachyOS defaults to the Plasma desktop with version 6.1.4 shipped with the latest 
1SO and up-to-date core components. 

The developers also are providing an Arch Linux mirror and worldwide CDN cache 
(sponsored by CDN77) for the default installation, which addresses previous issues 
of the OS selecting outdated mirrors. As well, the kernel manager has received sev- 
eral fixes, and a script has been added to easily handle Secure Boot. 

You can read more about the latest CachyOS ISO in the official anmouncement 


(htips://cachyos.org/blog/2408-august-release/). You'll find links on the same page 


to download the ISO image for installation. 


Lena: Foundation Adopts OMI to Foster 
Ethical LLMs 


The Linux Foundation has added the Open Model Initiative (OMI) to its ever-expanding 
portfolio to help pave the way for more ethical large language models (LLMs). 

The OMI was founded in June 2024 by Invoke, Civitai, and Comfy Org with the 
goal of bringing together developers, researchers, and enterprises to advance open 
and permissive-based licensing for Al models and the technology surrounding them. 
Permissive licensing should make it easier for community members to participate in 
the development of these models without downstream obligations. 

To make this a reality, OMI will be governed by a community-led steering commit- 
tee, conduct a survey to collect feedback for future model research, and develop a 
transparent dataset for training. OMI hopes to release an alpha version of the model 
by the end of the year. 

The big concern, according to Abhigyan Malik, Practice Director of data, analytics, 
and Al at the Everest Group, is “Developing LLMs is highly compute-intensive and 
has cost big tech giants and start-ups billions in capital expenditure to achieve the 
scale they currently have with their open source and proprietary LLMs.” 

Malik also believes the practice of using ethical data to train models will grow 
increasingly more difficult because the more popular sources are changing their 
policies regarding privacy and usage. 

Jim Zemlin, Executive Director of the Linux Foundation, said of this initiative, 
“The Linux Foundation is deeply committed to fostering open and collaborative 
development around Al.” 

He continued, “With the Open Model Initiative, we are taking a significant step 
towards making Al accessible and beneficial for everyone, building an environment 
where creativity and progress in Al can thrive without barriers.” 

Read more about the joint effort between the Linux Foundation and OMI: 
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Kernel News 


Chronicler Zack Brown reports 
on the latest news, views, 
dilemmas, and developments 
within the Linux kernel 
community. 

By Zack Brown 


Author 

The Linux kernel mailing list comprises 
the core of Linux development activities. 
Traffic volumes are immense, often 
reaching 10,000 messages in a week, and 
keeping up to date with the entire scope 
of development is a virtually impossible 
task for one person. One of the few brave 
souls to take on this task is Zack Brown. 


Supporting Older Tools 

One fascinating aspect of Linux involves 
balancing the need to support all users 
everywhere with the need to keep the 
source code as clean and maintainable 
as possible. For example, someone may 
have an extremely old computer with an 
old compiler and old versions of the 
other tools needed to build the kernel. 
While it's possible for Linus Torvalds 
and the rest of the developers to con- 
tinue supporting those old tools forever, 
should they do it? 

Linus believes they should not. As the 
build tools continue to improve over 
time, the kernel source tree no longer 
needs to compensate for the lack of this 
or that feature in those older tools. This 
allows the kernel developers to clean out 
code that is no longer needed because a 
build tool handles a given situation bet- 
ter than it did in the past. However, to 
support all users everywhere, the kernel 
would need to maintain support for 
those old tools that didn't do things as 
well as they do now. So that old kernel 
code that's no longer needed would still 
have to be kept in order to handle all the 
old build tool versions. 

In practice, what happens is that Linus 
chooses an old version of each tool and 
decides that the kernel will support all 
versions after that one (sometimes with 
exceptions for particularly broken ver- 
sions). Periodically, the benefit of rip- 
ping out a massive ton of decrepit code 
outweighs the desire to continue sup- 
porting a particular version of a particu- 
lar build tool. At that point, Linus may 
update the minimum version number for 
that tool and let the feeding frenzy begin 
for developers to tear out all that newly 
unneeded support code. 

In a recent example of this, Oleg Nest- 
erov reported that he was unable to 
compile the most recent Linux kernel 
version on his very old system. The 
build system reported undefined refer- 
ences to various symbols. In other 
words, parts of the kernel couldn't find 
other parts of the kernel when they 
needed to use them. Oleg's first thought 


was that his C compiler, GCC v5.3.1 
(released almost a decade ago), was the 
cause of the failure. 

Linus Torvalds replied very quickly to 
Oleg's report, saying that it wasn't the C 
compiler but the linker (the tool that glued 
together all the different bits and pieces 
that the compiler itself built) that was 
probably at fault. Linus quoted from the 
linker scripting language documentation: 

“If an output section's name is the 
same as the input section's name and is 
representable as a C identifier, then the 
linker will automatically [create] two 
symbols [...]. These indicate the start ad- 
dress and end address of the output sec- 
tion respectively. Note: most section 
names are not representable as C identifi- 
ers because they contain a “* character.” 

Linus told Oleg, “apparently your linker 
doesn't do that.” He added, “can you say 
what your linker version is so that I can 
curse it in private and document it in pub- 
lic?” Linus concluded, “I think you must 
be one of the very few users of it, because 
T too am not finding any other reports”. 

Oleg replied that his linker (the 1d 
tool) reported its version number as 
2.25-17.fc23. 

Linus replied, “Yeah, we document 
that we support building with ld-2.25. 
And I went and looked into the binutils- 
gdb repo, and it looks like this whole au- 
tomatic start/stop symbol thing was in- 
troduced in 2.29.” In other words, the 
kernel improperly relied on a feature of 
the linker that was only added later than 
the version of the linker that was offi- 
cially supported. 

Linus wrote a patch to fix the kernel's 
support for that older linker version, 
saying: 

“Pm (probably entirely in vain) hoping 
that we might aim to use this “standard” 
format of start/stop symbols, so I intro- 
duced it as some kind of simple 
“NAMED_SECTION()'* macro instead. 

“So this patch seems to work for me, 
and looks somewhat reasonable (if peo- 
ple actually start using this and want to 
use different alignments, we might have 
to make that alignment an argument in 


the future, but let's go for a really simple 
macro interface for now).” 

Oleg confirmed that Linus's patch 
worked for him. 

The conversation ended at about that 
point. But to give you a sense of how 
tangled the situation can be, at one point 
in the conversation Linus remarked: 

“Honestly, our linker scripts are basi- 
cally voodoo, and the ALIGN pattern we 
use is part of that voodoo. Part of it is 
that linker script syntax is just horren- 
dous, and part of it is that writing linker 
scripts is so rare that people just mostly 
do it with the “monkey see, monkey do” 
model of programming, ie cutting and 
pasting things that they don't under- 
stand and modifying them so that it 
“works”. 

“IOW, the right thing to do is really to 
not have any ALIGN directive at all, and 
have the alignment come from the input 
sections by specifying it in the source 
when the section is built. 

“Except we don't do that either, unless 
it sometimes happens almost by accident 
(ie when we tell the compiler to use spe- 
cific section names and alignment, then 
the compiler will actually do it for us). 

“Pll update my fix to be the minimal 
“don't rock the boat” fix. And we'll con- 
tinue with the nasty linker script voodoo 
approach.” 

But the conversation didn't really go 
any further. Linus's fix was to support the 
older 2.25 version of the linker, rather 
than to abandon it and simply update the 
documentation to say that version 2.29 
would be the new minimum. Pd specu- 
late that he wanted to do this because 
Oleg was a clear user of that older ver- 
sion, and Linus always wants to support 
actual users, even on very old systems. If 
this error had been reported instead by a 
kernel developer simply testing older 
tools, Linus might very well have con- 
cluded that there were no actual users of 
the linker version 2.25 left in the world, 
and that therefore it would be safe to up- 
date the minimal version number, rather 
than patch the kernel source code. 


Kernel Bug or Compiler 
Bug? 

Linus Torvalds recently announced Linux 
v6.11-rcl, the first release candidate of 
the development cycle. In the before 
times, it was hard to identify when devel- 
opers should focus on implementing new 
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features versus stabilizing existing fea- 
tures. Several methods were tried, in- 
cluding having very long and exciting 
development periods, followed by very 
long and stultifying stabilization periods. 
Nowadays new features go into the early 
release candidates, which then go 
through a relatively short period of stabi- 
lization. This way developers get to do 
the fun stuff without having to wait too 
long during the stabilization period. 

This time, Linus announced a relatively 
normal-seeming “merge window” (the 
window of time during which new fea- 
tures would be accepted). He explained 
tranquilly: 

“There's 12k+ regular commits (and 
another 850 merge commits), so as al- 
ways the summary of this all is just my 
merge log. The diffstats are also (once 
again) dominated by some big hardware 
descriptions (another AMD GPU register 
dump accounts for 45% of the lines in 
the diff, and some more perf event JSON 
descriptor files account for another 5%). 

“But if you ignore those HW dumps, 
the diff too looks perfectly regular: drivers 
account for a bit over half (even when 
not counting the AMD register descrip- 
tion noise). The rest is roughly one third 
architecture updates (lots of it is dts files, 
so 1 guess I could have lumped that in 
with “more hw descriptor tables”), one 
third tooling and documentation, and 
one third “core kernel (filesystems, net- 
working, VM and kernel). Very roughly.” 

So far, so normal. Surprisingly, how- 
ever, Guenter Roeck reported a bunch of 
build errors in his automated tests. He 
remarked, “In summary, quite impres- 
sive in a negative sense. At least some of 
the problems (such as the tinyconfig 
build failures, and some of the test fail- 
ures) have already been reported. I sim- 
ply don't have the time for a detailed 
analysis. Logs are available at|https:/, 
heneusacos bass ja lemas 
column, for those with time to track 
things down.” 

Linus looked into this, including various 
relevant email threads. He felt, as he said, 
“Not super-happy about how people ap- 
parently were discussing the build failures 
for a long time, and didn't even bother 
mentioning them in the pull requests.” 

He and a lot of other people dug into 
these problems, and many were re- 
solved. One of these stands out because 
It poses some interesting questions 
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about where and how to look for the real 
culprits of certain problems. 

At one point during this discussion, 
Guenter remarked that this particular 
problem went away if he used particular 
versions of the GNU C Compiler (GCC). 
He said versions 9.4, 10.3, 12.4, and 13.3 
worked just fine, while versions 11.4 and 
11.5 both failed. He suggested, “Maybe I 
should just switch to a more recent ver- 
sion of gcc and call it a day, in the hope 
that itis a compiler (or qemu) problem 
and doesn't just hide the problem.” 

This is where things got exciting. 

Peter Zijlstra replied, “Tempting, but I 
think it would be good to figure out what 
in GCC-11 makes it sad, gec-11 is still well 
within the supported range of GCCs.” 

Linus also responded to the same post, 
saying: 

“Well, if it's a gcc-11 problem, I think 
we still really want to know what is going 
on. We are *not* all that close to drop- 
ping support for gcc-11 yet. 

“And honestly, while it's often very 
convenient to blame the compiler, com- 
piler bugs are still very rare. 

“IPs *much* more common that bad 
code just happens to work with a good 
compiler than that good code happens to 
break with a bad compiler. 

“Yes, we obviously do hit real compiler 
bugs, but still ... We'd need to actually 
see what goes wrong in the code genera- 
tion before blaming a compiler bug.” 

At first the problem seemed elusive — 
Peter reported that doing a standard git 
bisect failed to identify the oldest kernel 
version that could reproduce the bug. He 
said, “something along the way must've 
changed a critical CONFIG symbol. The 
.config 1 ended up with at v6.11-rc1 did 
no longer reproduce.” 

Guenter added, “An interesting bit of 
information: The problem is seen with 
many, but not all CPUs. For example, I 
don't see it with athlon, n270, Dhyana, 
or EPYC. qemu32 is affected, but 
qemu64 is fine. But on the other side 
both kvm32 and kvm64 are affected.” 

Guenter also tried git bisect, but, like 
Peter, this failed to identify a useful ker- 
nel version to debug. He remarked, “Baf- 
fled. Is it possible that the crashing code 
catches some page boundary?” 

Linus looked all this over and said: 

“We've definitely seen things like that 
before. Some alignment change makes 
something cross a cacheline or page 
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boundary, and it magically causes a 
huge regression. 

“Usually it's about performance, 
though, not this kind of thing. 

“But I could imagine that some odd 
instruction rewriting thing goes wrong 
only when the instruction crosses a page 
boundary, and that we've never hap- 
pened to hit that case, and then some 
kernel config just moves the affected 
code around just enough. 

“That would then indirectly also ex- 
plain why only some compiler versions 
hit it — because it all depends on hitting 
that exact page crosser. 

“You also seemed to say that it only 
happened with some CPU selections. 
Maybe there's something wrong with the 
ALTERNATIVE() cleanups — I'm looking 
at that new “nested alternatives macros” 
thing, and the odd games we play with 
the origin and replacement lengths etc. 

“That all looks entirely crazy. That 
file was hard to read before, now it's 
just incomprehensible to me.” 

At one point, Borislav Petkov 
remarked: 

“Just a data point: 

“gec-11 (Debian 11.2.0-19) 11.2.0 — 

“does NOT repro. 

“Upgrading to 

“gcc-11 (Debian 11.5.0-1) 11.5.0 

”*does* repro. 

“Fun.” 

There was much debugging and ex- 
amination of assembly code and other 
deep stuff. Finally Peter hit upon a com- 
mon theme. He said, “pti= off makes it 
go away, could be those CPU models 
don't have meltdown and as such don't 
enable PTI.” 

Page table isolation (PTI) is a security 
feature introduced into the kernel code 
relatively recently, in order to combat 
the Meltdown hardware vulnerability 
that exists in many CPUs. Meltdown al- 
lows a hostile actor to gain access to all 
memory on the system. The PTI feature 
isolates the kernel from the rest of the 
system, preventing anyone from using 
the Meltdown vulnerability to gain illicit 
access to the kernel. 

Not all CPUs are susceptible to the 
Meltdown vulnerability, so not all CPUs 
need PTI support. Also, PTI doesn't re- 
ally work on 32-bit systems, so although 
those systems may be vulnerable to 
Meltdown, the ways to mitigate that 
threat are more complex. 


At one point in the conversation, Peter 
said of the 32-bit i386 architecture: 

“Thomas [Gleixner] found that i386-pti 
fails to map the entire entry text. Specifi- 
cally pti_clone_pgtable() hard relies — 
and does not verify — that the start ad- 
dress is aligned to the given granularity. 

“Now, ¿386 does not align __entry_ 
text_start, and so the termination condi- 
tion goes sideways and pte_clone_entry() 
does not always work right and it be- 
comes a games of code layout roulette.” 

Given that PTI didn't really work on 
32-bit systems, he asked, “should we 
just kill PTI on 32bit perhaps?” 

Linus replied: 

“T don't think there's much technical 
reason to keep it — I can't imagine any 
security-conscious people actually use 
32-bit x86 any more — but apart from 
fixing this bug I wonder how much of a 
maintenance burden it is? I think most 
of the code is shared with 64-bit, isn't it? 
The 32-bit case in many ways is simpler, 
even if it happened to hit this odd align- 
ment issue because it's obviously also a 
lot less tested. 

“Pd rather kill highmem and X86_PAE, 
but I also suspect that horror has a much 
larger chance of still being used. 

“The day we finally get rid of HIGH- 
MEM I will dance on its grave. I have 
hated that thing for a long long time.” 

Guenter replied to this, “I guess there 
is at least one user - me with my annoy- 
ing boot tests ;-).” He went on to say, 
“But seriously the question is: How 
likely is it for that code to find potential 
problems in the 64-bit code? pti_clone_ 
pgtable() doesn't seem to be 32-bit 
specific.” 

Eventually Peter and the rest of them 
agreed on a patch to resolve Guenter's 
build failures. 

A fascinating aspect of this discussion 
was the way Linus refused to jump on the 
possibility of a compiler bug and insisted 
on a very lengthy and confusing debug- 
ging process, in which standard debug- 
ging techniques like git bisect simply 
failed outright, in order to identify what 
was really happening. Finally, although 
this particular bug didn't seem to repre- 
sent a serious security problem, its con- 
nection with PTI means that it very well 
could have. It's amazing to be able to ob- 
serve the way the kernel developers take 
every detail so seriously in trying to track 
down even the most stubborn bugs. ANN 
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MEN: Domoticz 


Automate your home with Domoticz 


Efficient Technology 


The open source Domoticz home automation platform offers a lightweight, efficient, 
and highly customizable solution for managing smart devices in the home. 


By Rob Peters 


oday's home automation solutions fall into four groups. Events, a Lua offshoot), Python, Ruby, and Blockly. This exten- 
On one side are the ecosystems of vendors such as sive support for programming means you can use Domoticz to 
Apple, Google, and Samsung. On the other are commer- code complete home automation systems (Figure 1), alarm 
cial systems such as Homey that integrate devices from systems, battery management systems, and more. Some of the 
different manufacturers. The third group includes open source supported languages are suitable for newcomers (Blockly, 


systems that offer many standardized features, such as Home Lua), and others offer the power and versatility that advanced 

Assistant. The fourth group targets technology enthusiasts who  programmers demand (DzVents, Python). 

are looking for a flexible, lightweight tool that is easy to cus- Domoticz runs on a wide variety of hardware, including 

tomize and extend. Domoticz [1] belongs to this last group. the Raspberry Pi, which is the ideal home control center. 
Domoticz is easy to install and easy to expand, supporting The Domoticz environment feels as much at home on virtu- 

programming languages such as DzVents (Domoticz Easy ally any Linux distribution as it does on Windows or macoOS. 
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Figure 1: A comprehensive Domoticz home automation system that also includes a solar system and BEV wallbox. 
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And a number of commercial NAS storage devices can run 
Domoticz as a service. Last but not least, you will find a 
Docker image for Domoticz containers. 

The user interface is an HTML5 web front end that adapts 
to desktop and mobile devices and ensures a uniform oper- 
ating strategy on all hardware platforms. There is also 
Dashticz (Figure 2), a fully customizable GUI front end for 
wall-mounted tablets that can also integrate external web 
services such as weather information. 


Important Features 

You can use Domoticz to control lighting; sensors; remotely 
controlled devices, and devices for measuring temperature, 
humidity, precipitation, wind speed, UV radiation, electricity, 
gas or water consumption, and much more. The system 


Dashticz 


2 160 Amsterdam 


supports a variety of methods for sending notifications or 
alerts, including Prowl (a push notification client for 105), 
Pushbullet (Android, browser), Pushover (Android, iPhone, 
desktop), Pushalot (Windows 8 and Windows Phone Noti- 
fier), Clickatell, Telegram, HTTP, email, Google Cloud Mes- 
saging, or media systems such as Kodi and Logitech Media 
Server. 

Domoticz can group devices and create scenes. A scene 
consists of a trigger (sensor or switch) and a device or device 
group that is to be set to a specific state when activated 
(switched on or off, dimmed, and so on). 

Event handling is then managed through programming. 
Blockly offers a visual coding interface where you can move 
blocks to specify logical sequences (Figure 3). Advanced 
users can program Domoticz either directly with Lua or 
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Figure 2: The Dashticz HTML5 GUI is suitable for wall-mounted tablets. 
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with DzVents - a special Lua-based 
language that is closely linked to 
the Domoticz event system. DzVents 
provides numerous additional 
functions for home automation 
and event handling. Scripting with 
Python is a great choice for more 
complex processes. Scripts can ac- 
cess all attributes of Domoticz 
devices. 

Domoticz supports some very 
complex timing conditions. Scenar- 
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ios such as “every 10 minutes in the 
period from 20 minutes before sun- 
rise to 10 minutes after sunset, on every Monday, Tuesday, 
and Friday between May 20 and August 25” do not pose a 
problem. Each device type has its own methods for queries or 
updates. The DzVents wiki page [2] describes so many fune- 
tions that it is one of the most extensive parts of the entire 
Domoticz wiki. 

Domoticz saves metrics, logged events, and statuses in an 
SQLite database by default. The Domoticz environment 
supports a wide range of hardware interfaces, including 
RFXCOM for RF-based devices (433/868 MHz), Zigbee/ 
Z-Wave, which is popular in home automation, and P1 
Smart Meter and YouLess Meter for monitoring power con- 
sumption. Domoticz also supports the Home Assistant Auto- 
discovery protocol for integration with Z-Wave JS, Zig- 
bee2MQTT, ESPHome, and many other subsystems. A com- 
plete list of supported technologies is available in the Domoticz 
wiki [3]. If the pre-installed integrations do not offer what 
you need, you will find a plugin system [4] that offers an 
easy option for programming extensions in Python. The 
website includes instructions [5] for programming your 
own plugins, along with a number of examples in the 
Domoticz wiki. 

Domoticz is written in C++ and maintained on GitHub [6]. 
To avoid external dependencies, it comes with its own built-in 


Figure 3: An example of visual programming with Blockly. 


web server. The web interface, for which several skins exist, 
was programmed in Angular. 

Domoticz is supported by a dedicated community that in- 
cludes the main developer Gizmocuz, several hundred active 
developers, forum maintainers, wiki editors, and other enthusi- 
asts. Users are invited to contribute to the project. 


Conclusions 

Domoticz helps you develop a home automation system tailored 
to your needs. Whether you want to control lighting, monitor 
energy consumption, or play with sensors, Domoticz is a highly 
customizable solution that comes with a user-friendly interface 
and strong community support. MEA 


Info 


[11 Domoticz homepage: [https://www.domoticz.com) 
[2] DzVents in the wiki: bh 


[3] Domoticz wiki: [https://www.domoticz.com/wiki/Main_Page 
[4] Plugin list: |[https:/www. domoticz.com/wiki/Pluging 


[51 Programming plugins: https://www. domoticz.com/wiki 
Developing_a Python _plugi 


[6] Domoticz on GitHub: Ihttps://github.com/domoticz/domoticA 
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Database Ecosystem 


Download this free focus guide, and learn about 
open source database management systems to 
determine which one is right for you. 
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Home automation with the openHAB platform 


At Your Service 


OpenHAB is an open source facility-automation platform that lets you network 
your smart devices independently of vendor or protocol. By Florian Hotze 


penHAB [1], or 

the Open Home 

Automation 

Bus, is a ven- 
dor- and technology-in- 
dependent open source 
facility-automation plat- 
form that can act as the 
brain of a smart home. 
OpenHAB follows the 
“Integrate Everything” 
principle, currently sup- 
porting more than 400 
technologies and sys- 
tems, including En- 
Ocean, KNX, LCN, Loxone, Modbus, MQTT, Philips Hue, 
Z-Wave, and Zigbee. In fact, openHAB can integrate, visualize, 
and automate more than 3,000 different devices. You”ll find a 
list of the supported technologies and systems at the project 
website [2]. 

See the box entitled “openHAB History” for some back- 
ground on the openHAB project. One of openHAB's aims is to 
simplify sequence control. The openHAB control engine offers 
various options for automation, from Ul-based rules, to Blockly 
based visual scripts, to full-fledged programming languages, 
such as JavaScript, Python, Ruby, openHAB DSL (with a 


Figure 1: You can set up automations with the Blockly 
editor, which even schoolchildren use to practice 
programming. 
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Java-like syntax), full 
Java, and Groovy. You 
will even find official 
help libraries for JavaS- 
cript and Ruby that sim- 
plify the use of open- 
HAB's Java interfaces. 
Less experienced pro- 
grammers can use 
Blockly (Figure 1), then 
check out the generated 
JavaScript code and fa- 
miliarize themselves 
with the JavaScript en- 
vironment in openHAB. 

OpenHABis platform independent: It runs on Linux, macOS, 
and Windows, and you can set it up on an Intel-compatible PC, 
a Raspberry Pi, a NAS appliance, or a Docker container. Users 
can access the applications via a web interface, but also via iOS 
and Android apps, Google Assistant, Amazon Alexa, or Apple 
HomekKit. 

Behind the scenes, openHAB is written in Java and uses 
Apache Karaf as its runtime environment. Karaf, in turn, is 
based on the OSGi framework and contributes significantly to 
the modularity and expandability of the platform. 

OpenHAB does not need a cloud but is compatible with 
cloud technology. Because openHAB runs locally on the us- 
er's hardware on premises, users retain full control over 
their data and privacy. And the software does not collect 
analysis data. Secure and free remote access to the platform 
is optionally available via the openHAB Cloud. The open- 
HAB cloud also offers a free voice assistant. The openHAB 
Foundation provides all openHAB users with a free open- 
HAB Cloud instance [3] that provides remote access and 
push notifications, as well as IFTTT, Amazon Alexa, and 
Google Assistant integrations. 

The openHAB Main UI provides overview pages based on 
the semantic model (more on this later), charts (courtesy of 
Apache ECharts), floor plans (Figure 2), and responsive 
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pages with widgets. You can also create fixed pages for 
wall tablets. And you can create sitemaps for smart- 
phones and older, less powerful devices that will appear in 
the Android and ¡OS apps (Figure 3), as well as in the openHAB 
user interface. 

You can configure openHAB through either the user interface 
or with text files. When you're getting started, it is better to use 
the user interface at first - text-based configuration requires 
greater familiarity with the product and no support is available. 
Having said this, text mode is very useful if you want to share 
or reuse parts of your configuration — all you need to do is copy 
the text file. 


Concepts 

OpenHAB has a modular structure; the modules are known as 
addons. There are seven different types of addons: bindings, 
system integrations, automation, persistence, transformations, 
language, and user interfaces. 

Bindings act as interfaces to systems and devices, such as 
Philips Hue, and services, such as OpenWeatherMap. The 
actual systems and services are referred to as Things in open- 
HAB. For example, the Hue Bridge, all Hue lamps, Open- 
WeatherMap accounts, and the OpenWeatherMap OneCall 
APT are all Things. A Thing can also play a special role by han- 
dling the communication between openHAB and other Things 
in the system - in that case, it is referred to as a bridge. For ex- 
ample, openHAB uses the Philips Hue bridge to communicate 
with Hue lamps, which are normal Things. 

In turn, Things offer channels. A channel is a specific func- 
tion of a Thing, such as controlling the brightness of a Philips 
Hue lamp or the current temperature in OpenWeatherMap. 
Channels serve as logical links between Things and the most 
important entities: Items. An Item represents a function pro- 
vided by, say, a switch, a shutter, a contact, or a measured 
value at the highest level of abstraction. Items are completely 
independent of the connected hardware or software. 

The user interface and all automations exclusively work with 
Items. This approach makes it easy to replace a Philips Hue 
lamp with a Shelly lamp without having to adapt the user in- 
terface or rules. An Item has a status, also known as the Item 


Figure 2: A floor plan in the openHAB Main UI. 
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openHAB History 


The openHAB project was founded in 2010 by Kai Kreuzer and 
initially exclusively focused on technically experienced users 
because there was no interface for configuration. In 2014, the 
core of openHAB 1 became an official Eclipse Foundation proj- 
ect (Eclipse SmartHome Framework), which was used both in 
openHAB itself and in commercial products such as Telekom's 
Oivicon smart home system. However, after commercial users 
increasingly left further development to the openHAB commu- 
nity, the decision was made in 2019 to shelve Eclipse Smart- 
Home and reintegrate it into the openHAB project, which sim- 
plified further development. 

After a (fairly rudimentary) admin interface was introduced in 
openHAB 2 back in 2017, 2020 saw the release of openHAB 3 
with greatly improved user-friendliness. The new Main Ul 
combines a comprehensive, customizable visualization with 
an admin interface. OpenHAB 4 (released in 2023 ) lets you 
configure everything graphically, whereas configuration files 
were required previously. 


State. There are different types of Items, such as Contact, Dim- 
mer, Number, Rollershutter, Switch, and Group. You'1l find a 
complete overview in the documentation [4]. Items are orga- 
nized in a semantic model consisting of locations (such as liv- 
ing room), devices (such as heating control), and properties 
(such as temperature). This means you can generate a user in- 
terface automatically. 

Rules implement the automation that makes a smart home 
out of a networked building. You can think of the rules as rou- 
tines or behavioral patterns for the smart home: “Turn off all 
the lights and turn down the heating when I leave the house. 
Turn on the radio when 1 get home, but only if the kids aren't 
asleep yet.” 

Rules can be 
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1 Figure 3: The openHAB graphical 
user interface on an ¡OS device. 
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as “if the children are not yet asleep,” and actions, such as 
“turn on the radio.” A trigger can be any event in the smart 
home, for example, state changes of, or commands to, Items or 
time triggers. Conditions are Item states or time conditions, 
such as “weekday,” “weekend,” or “after 8 pm.” Actions con- 
trol Items and can send push notifications or Chromecast voice 
messages. 

Scripts are special rules without triggers or conditions. A 
script is used to execute code and make an action reusable. 
Scenes should be familiar to any smart home user: You define a 
state that you want a series of devices to assume. For example, 
a “Television” scene can specify that the TV set is switched on 
and the light is dimmed. 

Pages are used to display information and enable interac- 
tions with the smart home via a graphical user interface. For 
example, you can display a temperature curve for the last 24 
hours or the status of all light switches. Pages are usually made 
up of widgets and are rendered by the main Ul in the browser 
or by the Android and iOS apps. 

Like pages, sitemaps offer options for visualization and con- 
trol but are limited in their feature scope and tend to be very 
fast. They do not have to be designed in an interface but can 
also be described in a declarative syntax. The Basic Ul and the 
Android and ¡OS apps take care of the display side. 

Things, bridges, channels, Items, rules, scripts, scenes, 
Pages, and sitemaps all have an ID or a name and a label. The 
ID or name must be unique and may only contain certain 
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Figure 4: The setup wizard configuring some basic system settings. 
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Figure 5: Using the developer sidebar to set up some initial Items. 
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characters. It cannot be changed at a later date. OpenHAB uses 
these unique identifiers internally. Labels act as identifiers in 
the interface and can be customized as required. 


Installation 

On Linux, you can install openHAB as a DEB or RPM package, 
or you can roll it out as a Docker container. Installation is par- 
ticularly easy on a Raspberry Pi, where you can install open- 
HABian either manually or with the aid of Raspberry Pi Imager. 
OpenHABian is based on Raspberry Pi OS and includes open- 
HAB, useful extensions such as Frontail, a web-based log 
viewer, and FireMotD, a login information screen. 

OpenHABian also offers a configuration tool that can config- 
ure numerous useful settings (such as SD card mirroring) and 
install applications, including the MQTT broker Mosquitto, In- 
fluxDB, Grafana, or Wireguard VPN. OpenHABian requires a 
Raspberry Pi 4 or 5 with at least 2GB RAM. 

OpenHAB also runs on many other Java 17-compatible sys- 
tems, such as Windows, macOS, and various BSD derivatives. 
However, the configuration involves some time-consuming and 
complex manual work. You'll find further information on the 
installation process on the project's download page [5]. 


Initial Setup 

After you have installed openHAB, you can start the initial 
setup by opening the Main UI web interface in the browser. 
You can access it on port 8080 (HTTP) and port 8443 (HTTPS) 
of the openHAB host. To get started, 
openHAB prompts you to create the 
admin user. The setup wizard then 
launches to help you define basic set- 
tings such as the language, time zone, 
and location — and to install add-ons 
(Figure 4). 

The wizard also suggests that you in- 
stall some persistence add-ons. You will 
want to take this advice, because it 
means that you can restore Item states 
on restart and display graphs of histori- 
cal Item states without further configura- 
tion. The next and final step suggests 
some additional add-ons based on gen- 
eral recommendations and the devices 
on your network: JavaScript scripting for 
Blockly, the Astro binding for calculating 
the position and time values of the sun 


a 0] + 
publi and moon, the Basic UI for displaying 
sitemaps in the browser, and - on my 
rad ger network, for example - the AVM-Fritz- 
== box binding and the Yamaha-MusicCast 
binding based on the devices running 
there. 


Because not every binding supports 
automatic detection, you need to think 
about whether you have other devices 
that you would also like to integrate. If 
you want to integrate a weather forecast, 
you can use Select Add-ons to install and 
choose the OpenWeatherMap binding. A 
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Figure 6: The Things Inbox with some initial entries. 


click on Install ... add-ons starts setting up the add-ons, which 
can take some time. That completes the initial setup. 

After the setup, it is time to add some initial Things, create 
some Items, and display them in the UI. To do this, use the 
Quick Start Wizard in the Developer Sidebar; the wizard opens 
automatically on the right-hand side of the screen (Figure 5). 
You will also find some useful Tools and Help functions, such 
as an FAQ and help texts on the user interface. The Ul docu- 
mentation is also available online [6]. 

As a logged-in admin user, you can open the developer side- 
bar at any time by pressing Shift + Alt +D or clicking on the 
question-mark icon in the top right-hand corner of the screen 
(assuming the screen is large enough). 


Adding Things 

On my system, the Thing Inbox contains the Fritzbox Thing 
and the Sun and Moon Things, which belong to the Astro bind- 
ing (Figure 6). 

To now add the Local Sun Data Thing, belonging to the Astro 
binding, just click on it and select Create Thing. Then do the 
same for Local Lunar Data. To integrate the weather forecast 
from OpenWeatherMap, click on the plus button and select 
Open WeatherMap Binding and Open WeatherMap Account. In 
principle, you could leave the default settings of Thing ID for 
the OWM account as is. But it does make sense to assign mne- 
monic Thing IDs, such as account, for example. 

Next, move on to set up an OpenWeatherMap account on 


and enter the required payment data for 
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Figure 7: The Things list after adding some initial Things. 
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the OneCall 3.0 API in the Billing plans 
tab of your account. One thousand API 
calls per day are free of charge, so set the 
daily limit to 1,000 and you will not be 
asked to pay - as things currently stand. 
You will then receive an API key in the 
API keys tab; you can store the key in the 
OWM account Thing's configuration and 
then save everything. 

After this step, you will see a list of 
Things. Click on the red Inbox button 
to open the Inbox again and add the 
OneCall API - Local weather and 
weather forecast Thing. In my sample 
environment, the blue plus button 
adds the Virtual Bridge for the Yamaha MusicCast Thing and 
then a Yamaha MusicCast amplifier as a Yamaha MusicCast 
model Thing. A bridge for the Yamaha MusicCast model is 
also needed. The resulting Things list looks like Figure 7. 


Models and Items 

To get started with the semantic model, switch to the Model 
page by either opening the settings or using the left sidebar. 
If you do not want to go to the trouble of building the model 
by hand, you can use one of the templates instead (Figure 8). 
If you like, you can then change the labels of the model 
Items to names that mean more to you by selecting the en- 
tries in the tree view and clicking Edit on the right-hand side 
of the screen. 

Now you need some Items. You could create these Items on 
the Items page in the settings and then manually link the Items 
to the channels of the Things, but there is a quicker and sim- 
pler option: Add the Items directly from inside a Thing. 

To do this, go back to the Things list, click on a Thing, open 
the Channels tab and scroll down. When you get there, select 
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Figure 8: Templates make it easier to create a semantic 
model. 
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Add Equipment to Model to create Items for the Thing's channels 
and watch as they are automatically assigned to the semantic 
model. Then select the Parent Group: The parent group is the 
location, that is, typically the room in which the Thing resides. 

Next, decide on the channels for which you want to create 
Items. In the Local solar data Thing, for example, you would 
want to select Sunrise start time, Sunset end time, Star sign, 
Season, and Total solar eclipse; you can adapt the names and 
labels of the Item to suit your needs. For the Yamaha Music- 
Cast Thing, choose the Living Room group as Parent Group 
and then select Main Zone Operation, Volume, and Input. 

Now, when you open the Jtems list in the settings, you 
should already see a number of Items. Click on an Item, such 
as Yamaha RX-A750 in my case, and press Edit to start editing. 
This group Item is currently assigned to the very generic se- 
mantic Equipment class; P'll classify it as a Speaker instead. Do 
the same for Local solar data, where you will want to select 
WeatherService as the semantic class. 


User Interface 
To view the automatically generated Start page, click on the 
openHAB logo in the left sidebar. The tab bar at the bottom of 
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Figure 9: Overview of the openHAB installation 
locations. 
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Figure 10: Overview of the devices used in an open- 
HAB installation. 
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Figure 11: Open map of the weather report application. 
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the screen takes you to the Locations (Figure 9) and Devices 
(Figure 10) tabs. Click on a map to open it (Figure 11). After 
clicking on the pencil icon, you can edit the Start page, rear- 
range the maps, and set the background images. 

What else is missing? The weather forecast! To add the 
weather, I will add a widget developed by (ERGroll Rainer, a 
member of the openHAB community. The widget requires a 
number of Items. Instead of creating them manually, you can 
experience the benefits of the text-based configuration option. 
Simply copy the openueathermap. items file into the $0PENHAB_ 
CONF/items/ folder; you will normally find this folder in /etc/ 
openhab/items/ on Linux. 

Then open the Developer Tools in the left sidebar and click 
on Widgets. Click on the plus symbol to create a new wid- 
get, copy the contents of the veatherCard.yaml file (see the 
Downloads for this article [7]) into the code editor, and then 
save it. 

You can now edit the Overview page in the Pages settings. 
Add a new layout block, then a Row, and finally a Column. 
Pressing the plus symbol opens a dialog box in which you 
can select the personal weatherCard widget. You can config- 
ure the widget by clicking on the icon directly above the top 
right-hand corner of the widget and setting the Item prefix 
to OneCallAPIveatherandforecast_. You can also define loca- 
tion titles, the 24-hour time format, and translations, if 
needed. Finally, save the settings and go back to the Start 
page (Figure 12). 

Note that this article is primarily focused on using open- 
HAB's automatically generated user interface. See the Getting 
Started tutorial in the documentation for a look at how to build 
a custom interface [8]. 


Creating Rules 

After you have added the Things, created the semantic model, 
and created the Items, it's time for a bit of automation. Open 
the Rules page in the settings and click on the blue plus symbol 
to create a new rule. You must assign an ID and a name to the 
rule; you can enter a description and tags for sorting before 
adding a trigger and an action. 

Click on Add trigger. Select Thing Event and Local solar data 
as the Thing. Leave the a trigger channel fired selection and set 
risettevent as the channel. After clicking on Add action, select 
Item Action and the switch Item of the amplifier in the seman- 
tic model. The command is ON. When you are finished, the 
rule should look like the one shown in Figure 13. 

This rule switches on the amplifier at sunrise. A similar rule 
could, say, automatically close all shutters at sunset. If you 


Figure 12: This is what a daily weather report looks 
like in the new widget. 
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have a motion detector that can be represented as a switch or 
contact Item, you can monitor state changes of this Item and 
use them to switch on a light (that is, set a switch Item to ON) 
as soon as motion is detected. An overview of all available trig- 
gers and actions, as well as rules in general, is available in the 
documentation [9]. 


Setting Up Remote Access 

Congratulations! You have just taken your first steps in the 
world of home automation. Wouldn't it be great if you could 
access openHAB outside your own network and send push no- 
tifications via rules? To do this, open the Add-on Store in the 
left sidebar and access System Integrations to install the open- 
HAB Cloud Connector. Then create a free account on[myopen] 
[Rad.org,] where you will be asked for a UUID and a secret. Both 
can be found in the folder $0PENHAB_USERDATA/, which is located 
in /var/1ib/openhab/ on Linux. The UUID is available in the 
uuid file, and the secret is hidden in the secret file in the open- 
habc1oud/ subfolder. 
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Figure 13: A ready-made rule that switches on the 
radio at sunrise. 
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After creating your myopenHAB account, all you need to do 
is download and set up the Android or iOS app and - presto — 
you can access openHAB remotely. 


Conclusions 

T hope this article has given you a better understanding of what 
openHAB is and the extensive possibilities it offers. It is very 
much worth taking the openHAB automation platform for a 
trial run. 

For a closer look at openHAB in action, visit the online demo 
site [10]. If you have further questions or need help setting up 
openHAB, do not hesitate to consult the openHAB documenta- 
tion [11] or the openHAB forum [12]. Here*s hoping you gain 
great satisfaction from implementing your smart home projects 
with openHAB! AA 


Info 

[11 openHAB:[https:/www.openhab.ord 

[21 openHAB add-ons: [htips:/www.openhab.org/addong 

[8] Free cloud: https: //www.myopenhab.ord 

[4] Item types: hrreps:/www.openhab.org/docs/configuration] 
items. htmi%type 

[5] openHAB download: [https//www.openhab.org/download 

[6] Main Ul documentation: 


[7] Article downloads:|https:/linuxnewmedia.thegood.cloud, 
/5RZX9t0W2FJ6N3A 


[81 Individual user interfaces: 
https://www.openhab.org/docs/tutorial/pages_intro.htm 


[9] Documentation for rules: 


[101] Demo installation: [rttps://demo.openhab.ord 
[111 openHAB documentation: [ttps://www.openhab.org/docg 
[12] Community forum: [https:/community.openhab.ord 
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Voice control with Home Assistant's Assist feature 


Talking House 


Home automation systems typically come with a web-based dashboard to 
control devices in your house. Home Assistant recently introduced a privacy- 
protecting voice system that operates locally. By Koen Vervloesem 


cience fiction movies have sold us on the idea of 

spaceships and homes we can talk to. In recent years, 

voice control at home has become possible thanks to 

the so-called “smart speakers” from Google, Amazon, 
and Apple. However, with these devices, almost all processing 
happens in the cloud, where your voice recordings are pro- 
cessed and translated into sentences and meaning. 

Of course, this comes with drawbacks: You don't have any 
control over what happens with your voice recordings, pos- 
ing a significant privacy risk. But, fundamentally, the prob- 
lem lies even deeper. It makes no sense for your voice to 
travel through the Internet just to turn on a light in the same 
room where you are standing. Fortunately, offline voice con- 
trol is feasible, even using only open source software. None- 
theless, voice processing is a complex and computationally 
intensive task, so you must be content with a limited scope, 
such as opening and closing blinds, turning lights on and 
off, asking for the time, or checking whether the door is 
closed. 

Home Assistant [1] is an open source home automation proj- 
ect that puts local control and privacy first. You can use Home 
Assistant to control your devices without relying on cloud ser- 
vices. One of the areas where home automation has been diffi- 
cult in the past is voice control. However, at the end of 2022, 
Home Assistant founder Paulus Schoutsen declared 2023 “the 
year of voice,” aiming to enable users to control their homes 
with voice commands in their native language using offline 
processing. This feature has now become quite usable, allowing 
you to control your home with a user-friendly voice assistant 
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that respects your privacy and is made from open source 
software. 


Installing Home Assistant 

In this article, P'1l assume you have Home Assistant in- 
stalled. However, it is essential to know about the best 
Home Assistant installation [2] options to get a useful voice 
assistant. Although the Raspberry Pi [3] is a popular plat- 
form for running Home Assistant, it reaches its limits for 
voice control. It's doable, but you have to make compro- 
mises. On the other hand, an Intel NUC or another x86-64 
machine has the necessary power to process voice com- 
mands and generate speech efficiently. 

Another recommendation is to use the Home Assistant 
Operating System installation method. This method installs 
a custom Linux distribution with Home Assistant and add- 
ons in containers, all fully integrated and managed. P'1l use 
this installation method because it allows me to easily add 
voice control by installing the appropriate Home Assistant 
add-ons. Note that you can even install Home Assistant Oper- 
ating System in a virtual machine if you don't have dedicated 
hardware for it. 


Helpful Assistance 

The infrastructure behind voice control in Home Assistant is 
called Assist [4], and it extends beyond voice: It allows you to 
control the home automation system using natural language. 
For instance, clicking on the Assist icon (a speech bubble) in 
the top-right corner of Home Assistant's web interface opens a 
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chat interface with 
the question “How 
can l assist?”. You 
can now type 
questions about 
your home auto- 
mation system. 

But what ques- 
tions does Assist 
understand? This 
list of questions is 
a work in prog- 
ress, and the proj- 
ect documents its 
built-in sen- 
tences [5], so you 
can look up what 
to expect. This in- 
cludes turning en- 
tities on and off, 
adjusting the 
brightness and color of lights, asking about the weather, get- 
ting information about a state, controlling the media player, 
using timers, and adding items to a list. For example, you can 
ask whether a specific device is turned on (Figure 1). 
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Assist is always available 
in Home Assistant as a helpful 
assistant. 


Exposing Devices 

By default, Assist doesn't have access to your devices. This 
precaution ensures you don't inadvertently control sensitive 
devices, such as locks, garage doors, and covers, through 
misunderstood voice commands. Therefore, all devices that 
you want to control or that you want to ask information 
about must first be exposed to Assist. Open Settings | Voice 
assistants and then click on the Expose tab. Click on the 
blue Expose entities button at the bottom right and then se- 
lect the entities that you want to expose. After you click on 


Expose the devices you want to control to Assist. 
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the button to expose the selected entities, they are listed in 
the Expose tab (Figure 2). 

Some of these devices may have names that are too lengthy 
or cumbersome to type or speak. Fortunately, you can also 
define aliases for these names. Just click on a device in the 
Expose tab and then click on Add alias. Type an alias, or even 
multiple aliases, after which you can refer to this device using 
one of its aliases (Figure 3). 


Adding Voice 

Now that you have a text-based Assist running, it's time to 
add voice capabilities. You'll need voice components in two 
directions: to convert your speech to text and vice versa. Both 
components can be installed as add-ons in Home Assistant. 
Go to Settings | Add-ons, click on Add-on store at the bottom 
right, and then install the Whisper add-on for speech-to-text 
and start it. Next, install the Piper add-on for text-to-speech 
and start it as well. 

By default, both add-ons are configured for English. In 
their Configuration tabs, you can set some options. For in- 
stance, you can change the language if you want to interact 
with your home in a language other than English. Even for 
English text-to-speech, you can choose among various 
voices, including American and British, if you don't like the 
default generated voice (Figure 4). For the speech-to-text 
system, the default model is a compressed version suitable 
for a Raspberry Pi 4, but it's slightly less accurate. If you 
have a more powerful machine, you can try one of the other 
models. 

The Piper and Whisper add-ons use the Wyoming proto- 
col. Once the add-ons are installed, you'll need to integrate 
them into Home Assistant. Head over to the integrations 
under Settings | Devices € services. Both add-ons should 
have been discovered as integrations from the Wyoming Pro- 
tocol (Figure 5). Click on Configure for each of them. Once 
they”re set up, both Piper and Whisper are displayed as enti- 
ties under the Wyoming Protocol 
integration. 


Use an alias to refer to 
your device with a user-friendly 
name. 
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Setting Up Your Assistant 


By default, Home Assistant creates one voice assistant, which 
is found under Settings | Voice assistants and is simply called 
Home Assistant. You can add a new assistant by clicking on the 
Add assistant button or edit the existing assistant by clicking 
on its name. Choose a name or edit it and select the language 
for your assistant. For the Conversation agent, choose Home 
Assistant and the language. This conversation agent is the 
component that processes text, converts it to the corresponding 
intent, lets Home Assistant execute the correct action, and re- 
plies with an appropriate response. 

For the Speech-to-text component, choose faster-whisper and 
select the language. For the Text-to-speech component, select 
piper, the language, and a voice. For the language, you can 
choose between en_US and en_GB. Click on Try voice to hear 
how it sounds. Finally, click on Update to set up your assistant 
(Figure 6). 


Choose from Piper's numerous American 
and British voices. 


Home Assistant has discovered the Piper 
and Whisper add-ons using the Wyoming protocol. 
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Talking to Your House 
Now that you have set up the Assist pipeline, it's time to talk 


to your house. The easiest way to do this is by using the Home 
Assistant Companion [6] app, available for Android and ¡OS. 
After connecting it to your local Home Assistant installation, 
tap on the three dots at the top right, choose Assist, and allow 
the app to record audio on your phone. 

When Assist is active in the companion app, you'll see the 
microphone icon pulsating at the bottom, indicating that it's 
actively listening for your requests. Simply ask a question or 
give a command by talking to your phone. The text transcrip- 
tion will immediately appear in the app along with the answer, 
which will also be spoken (Figure 7). Click on the microphone 


Configuration 


Text-to-apeeci 


Pioke word 


The Assist pipeline consists of various com- 
ponents that you can choose and configure. 
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icon to get Assist listening again. If Assist doesn't understand 
your voice, you can always tap the keyboard icon to type your 
request instead. 

You can also integrate Assist with your phone operating 
system's digital assistant functionality. For Android, go to Set- 
tings | Apps | Default apps. Tap Digital assistant app and then 
Default digital assistant app. Choose Home Assistant. If you 
go back one step now, Default digital assistant app should 
display Home Assistant as the default. Leave the Settings, and 
now you can always start Assist from anywhere in Android. 
For most Android versions, this is done by holding the home 
button (the circle icon at the bottom). You will then see the 
question “How can l assist?” and you can start talking. For 
detailed information, visit the Assist on Android [7] page. You 
will also find instructions for iPhone users on the Assist on 
Apple devices [8] page. 


Assistant in a Box 

Wouldn't it be easier to have a device in your living room that 
you could talk to, rather than picking up your phone? Fortu- 
nately, this is possible with Home Assistant's voice assistant 
architecture. Two supported device families are the M5Stack 
Atom Echo Development Kit [9] (around $17) and the ESP32- 
S3-BOX [10], ESP32-S3-BOX-Lite, or ESP32-S3-BOX-3 (around 
$54). The Home Assistant project has tutorials on setting up 
both device families, but ll explain how to install the ESP32- 
S3-BOX device. 

By default, these 
devices come with 
different firmware, 
but you can install 
your own firmware 
with voice assistant 
functionality. 
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Talk to your house using 
the Home Assistant Companion 
app on your phone. 
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Home Assistant offers voice assistant firmware created with 
ESPHome [11] for these devices. I covered ESPHome in an ear- 
lier Linux Magazine article [12]. The easiest way to install the 
firmware is through the web installer for ESPHome Ready-Made 
Projects [13]. This only works in the Chrome or Chromium web 
browser on a computer, not on a phone or tablet. Alternatively, 
you can download the YAML files from the ESPHome Firmwares 
repository [14] and build and flash the firmware using ESPHome's 
toolchain, as explained in the previous article. 

On the Ready-Made Projects web page, select Voice assistant 
and then choose the device to turn into a voice assistant. Con- 
nect the device to your computer using a USB-C data cable. 
Then click on Connect in your web browser to start the installa- 
tion. Choose the port in the pop-up that your browser shows, 
probably ttyACMO, and click Connect. Then choose Install 
Voice Assistant and confirm that all data on the device will be 
erased. The firmware installation happens in under a minute 
(Figure 8). 

When the installation is complete, choose the WiFi network 
for your device to connect to and enter its password. When the 
device is connected to your network, the web page asks you to 
add the device to Home Assistant. If your Home Assistant is 
not accessible on[http://homeassistant.Ibcal:8123, replace it 
with the URL of your Home Assistant instance. Click on Save 
and then Open link. You're now prompted to set up ESPHome. 
Click on OK, select the discovered device, and click Submit. 
Optionally, assign an area to your device, and click Finish. The 
device*s display now shows a happy face within a gray house 
on a black background. 


Wake Word 


One configuration detail is left: enabling a wake word, so you 
can just shout to your device to let it start listening to your re- 
quests. So, open Settings | Add-ons, click on Add-on store at the 


Install the voice assistant firmware on an ESP32-S3-BOX. 


31 


: m D 


LIN 


MEF. Voice Control with Home Assistant 


bottom, and install the open WakeWord add-on. Start the add- 
on and then navigate to Settings | Devices €. Services. You”1ll find 
openWakeWord discovered under the Wyoming Protocol, just 
like Piper and Whisper previously. Click on Configure and con- 
firm, after which open WakeWord is added to the Wyoming 
Protocol. 

Now navigate to Settings | Voice assistants, where you open 
your voice assistant settings. At the bottom, choose openwake- 
word as the wake word engine and select a wake word, such as 
“hey Jarvis.” Click on Update to save the settings. The Assis- 
tants tab now not only shows the entities exposed but also one 
Assist device. Click on the tab and then click on the device. In 
the device settings, for the wake word engine location, choose 
In Home Assistant. 

You can now talk to the device. Wake it with your configured 
wake word, in this case, “hey Jarvis,” and then the house icon 
turns blue with a white background. Simply say your request, 
after which the device sends the appropriate command to Home 
Assistant and responds through its built-in speaker. Your request 
and the response are also shown on the display (Figure 9), at 
least if Display conversation is enabled in the device settings. 


Conclusion 

You can now control your home automation system using 
your voice, with a solution entirely built from open source 
software and running solely on your own devices. Many addi- 
tional possibilities exist. For example, you can also create 
your own wake word [15] if you prefer to address your voice 
assistant by something other than Jarvis, Mycroft, Rhasspy, 
Alexa, or Nabu, which are the default wake words in Home 


Figure 9: The ESP32-S3-BOX is now always listening 
for your requests. 
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Assistant. You can also use Piper TTS in automations [16], for 
example, to announce an event in your home automation 
system over your media player. Other settings let you fine- 
tune to your liking, and you can even enable on-device wake 
words on ESP32 S3 devices using the microWakeWord [17] 
project. These are fascinating times; yes, it does feel like 
we're living in a science fiction movie. MH 


Info 


[11 Home Assistant: [htips:/www.home-assistant.id 

[21 Home Assistant installation: 

[3] Raspberry Pi: 
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[131 ESPHome Ready-Made Projects: [https://esphome.io/projects] 
[14] ESPHome Firmwares repository: 

[15] Create your own wake word: [htips:/www.home-assistant.io) 
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Cool It 


This article shows how to connect a Rotex heat pump with a Raspberry Pi and 
integrate it into a smart home solution. Building in some legacy roller blinds 
helps with solar gain, but ¡it requires some extra steps. By Martin Loschwitz 


networked home offers a wide range of options for 

saving energy and increasing the comfort of residents. 

And these factors are also typically interdependent. A 

bedroom that is not used throughout the day does not 
need to be heated continuously in winter. But if you know that 
you will be going to bed at 10pm, you can program your heat- 
ing to reach a comfortable temperature at the desired time. 
The flexibility you need for this kind of solution can only be 
achieved with much discipline - or with smart thermostats 
that correlate the room temperature and the time and initiate 
the heating process at the right moment. 

Heat pumps offer many options for optimizing energy 
usage - provided they are integrated into a smart home envi- 
ronment. If you use your heat pump wisely, you can save 
electricity and still keep your home comfortably warm or 
cool at all times. 

To integrate a heat pump sensibly into an air conditioning 
solution, it needs to be accessible on your own home network. 
This is the only way to read a value such as the current tem- 
perature in a particular room and use it as the basis for config- 
uring the pump. I faced this very challenge a few months ago. 
Our new home has a heat pump by Rotex and almost 
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obligatory underfloor heating. When we moved in, however, 
the only control option consisted of the thermostats installed in 
the individual rooms, which controlled the valves of the under- 
floor heating control system and therefore indirectly controlled 
the heat pump. Metrics available in the system itself were inac- 
cessible on the home network, as were the existing options for 
dynamic reconfiguration of the heat pump. It was simply im- 
possible to combine smart room thermometers with dynamic 
heating profiles without further action. 


Familiar Face 

In my case, the heat pump installed in our home is by Rotex. 
The company no longer exists as an independent manufacturer 
and has been acquired by industry giant Daikin. However, Dai- 
kin has not discontinued support for Rotex products. Instead, 
the product portfolio has been updated and adapted to Daikin's 
existing portfolio. The heat pump in this specific case still fol- 
lows the Rotex rules. Years ago, Daikin developed a solution to 
expose all runtime data and configuration interfaces of its own 
heat pumps to the outside world via a serial interface. Accord- 
ingly, these interfaces can also be found on newer generation 
Daikin-badged Rotex heat pumps. 
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The heat pump in this example, on the other hand, requires 
a different approach. There is a terminal labeled J13 on the 
controller board that can be connected to a product known as 
the “RoCon G1” via a cable. The “G” stands for gateway, and 
the old G1 by RoCon - much like Daikin's in-house solutions — 
had a kind of serial interface for the heat pump. The bad thing 
is: Rotex originally charged just south of EUR700 for the RoCon 
Gl. And, to make matters worse, the product is no longer avail- 
able because Daikin discontinued its production. Used models 
are still available, but at EUR350 or more, they would also tear 
a massive hole in the budget. 

If you have a bit of experience with the Raspberry Pi 
community, you will probably immediately suspect that the 
RoCon Gl is a single-board computer with modified soft- 
ware. The open source community, which is always ex- 
tremely keen to experiment, immediately provided me with 
an answer following a simple Google search. Although the 
Gl does not have a Raspberry Pi under the hood, it does have 
a Banana Pi - a very similar board that is largely compatible 
with the Raspberry Pi. 

If you dig down a little on Google, you will quickly find 
out that the pyHPSU software on the modified Banana Pi is 
primarily responsible for the connection to the heat pump. 
And pyHPSU is freely available as open source software on 
GitHub. From the Linux admin's point of view, this clearly 
shows where the journey is heading. pyHPSU requires a 
Control Area Network (CAN) bus to communicate with a 
Rotex heat pump. And there is no shortage of CAN bus in- 
terfaces for the Raspberry Pi. If you are not fazed by the idea 
of equipping a Raspberry Pi with a CAN bus interface and 
then rolling out pyHPSU on Raspberry Pi OS, you can build 
an equivalent replacement for the RoCon Gl yourself with- 
out too much trouble. 

Admittedly, the method described below is highly specific 
to Rotex devices. However, a quick Google search shows that 
the heat pumps of many other manufacturers can also be 
controlled via a CAN bus and that libraries from the open 
source world exist for the various protocol variants. You 
need to pay attention to the interfaces that the software can 
support. pyHPSU supports several, such as the Homematic 
protocol, as well as interfaces to FHEM or openHAB, and it 


Figure 1: A Raspberry Pi 4 offers enough power for 
reading CAN data via a CAN HAT, but a special case ¡is 
required. O Raspberry Pi 
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can output data to an SQL database. pyHPSU also drove the 
decision in favor of the smart home solution that I ulti- 
mately chose: Homematic. 


Going Shopping 

Time to write a shopping list. The Raspberry Pi 5 is still rela- 
tively new, so there is no CAN board available for it on the 
market as yet. But that doesn't matter, because the resources 
offered by the Raspberry Pi 4 (Figure 1) are more than up to 
the task of running pyHPSU in daemon mode. In addition to 
the most powerful RPi4 board, you will need the PiICAN3 
HAT [1] and a suitable case [2] (Figure 2) for this combina- 
tion. You also need the usual suspects for the Raspbertry Pi: 
a power supply unit with suitable amperage and a good MicroSD 
card for Raspberry Pi OS. All told, these components will set you 
back around $200; although this is not cheap, it is still far more 
affordable than even a used RoCon Gl. 

The assembly work is quickly done. Simply plug the Pi 
HAT into the Raspberry Pi, fasten the combination in the 
case, close the lid, and slot in the SD card. Before inserting 
the card, you will obviously need to install Raspberry Pi OS 
up front; again, this can be done quickly, and you can even 
set up a customized configuration using the tool provided by 
Raspberry Pi OS. Then comes the moment of truth: A func- 
tioning Raspberry Pi with a CAN bus is a success, but it still 
needs to be connected to the heat pump somehow. An in- 
stallation cable with a wire cross section of around 0.8 
square millimeters is recommended, so that the installation 
on the heat pump side is not too fiddly. 


Connecting 

Installing the Rasp Pi on the heat pump proved to be one of 
the more difficult parts of the task at hand. I already men- 
tioned the ominous J13 connector - unfortunately, it is not 
designed as a plug on all Rotex heat pumps. The switching 
point can be found on the RoCon BM1 circuit board, which 
is also home to the heat pump's central control unit. It is lo- 
cated where you can see the thermal accumulator display 
from the outside (Figure 3). 


Figure 2: PICAN3 extends the Raspberry Pi to 
include a CAN bus, which you need if you want to 
control devices that use CAN for communication. 
You'll need a suitable case. O PiCAN3 
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But instead of a connector, there were only three solder 
points on the board labeled J13. “Just plug in” turned out not 
to be a valid plan. Note that J13 (Figures 4 and 5) consists of 
four solder pads in total: CAN-H, CAN-L, CAN-GND, and 
CAN-VCC. The lines for CAN-H, CAN-L, and CAN-GND need 


Figure 3: The BM1 control element with connector 
J313 is located behind the black flap at the top; the 
heat pump control unit can be seen at the front. 

O Daikin GmbH 


4356 Pin assigamen! circuit board RoCon BM 
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to be connected to the terminal connectors of the same name 
on the Raspberry Pi's CAN HAT. If you have some experience 
with soldering, you can do this quickly. If this is not the case, 
you may want to take some lessons up front or get help from 
someone with soldering experience. 

But, please note: The BM1 control unit of a Rotex heat pump 
is energized. It is absolutely essential to make sure that the ap- 
pliance is de-energized by removing the fuses before carrying 
out any work on the circuit board; otherwise there is a risk of 
fatal injury. Incidentally: Even if you are only renting a house, 
you can connect to the Rotex heat pump in this way. This is be- 
cause the soldered cable, if soldered correctly, can be removed 
without a trace later. 


Getting Started 

Once the heat pump's CAN bus and the Raspberry Pi's CAN 
HAT are connected, and the Rasp Pi is connected to the power 
supply, there is not much left to do before you can start using 
the CAN data from the heat pump. pyHPSU comes with instal]. 
sh, although there is another minor stumbling block. If you 
search for “pyHPSU” on Google, you will end up with several 
GitHub repositories that are related and partly forked from each 
other. The first Google entry is usually the GitHub directory be- 
longing to Zanac alias Emiliano Maina. He has obviously lost in- 
terest in his former flagship project, and the original pyHPSU 
version has not seen any updates for over six years. 

The fork by Spanni26 [3], to which some code was added in 
January 2024, is far healthier. Installing this version is trivial. 
Download the Git repo and then run ./instal!l.sh in the folder 
to copy the required tools to the appropriate location. You can 
then create a virtual network interface for the CAN bus on 
Raspberry Pi OS in /etc/netuork/interfaces (Listing 1). 

Tf the installation has worked thus far, the command 


pyHPSU.py -c t_hs 


then produces the value for t_hs, the set point for the flow 
temperature of the heat generator. 


Roller Blinds 
The roller shutters in our home are fit- 
ted with drive motors. Classic raising 
and lowering is therefore no longer car- 
ried out via a cable-like mechanism but 
electronically at the touch of a button. 
A sensible solution, it seemed to me, 
was for the smart home control system 
to control the blinds as well as the heat 
pump. Cooling a room with a heat 
pump makes no sense if the sun shines 
into the room for hours during the day 
and heats it up massively. Managing the 
blinds would allow me to maximize the 
benefit of the heat pump by optimizing 
the solar gain. 

Unfortunately, just because a blind is 
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Figure 4: Connector J13 has four pins, of which the pins for CAN-H, fitted with a drive motor does not mean 
CAN-L, and CAN-GND need to be connected to their counterparts on  itis “smart.” In my case, the existing 


the Pi HAT for the Raspberry Pi. O Daikin GmbH 
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system did not allow me to open or close 
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example, you will need to work with 
WAGO terminals, wire strippers, and 
various other tools in the very confined 
space offered by the pre-drilled flush- 
mounted box. It took me half a day to 
set up a total of nine controllable roller 
blinds. 

T also added various digital room ther- 
mostats to record the room temperature. 
These thermostats are switchable and 
can control the underfloor heating in the 
room. Again, Homematic had appropri- 


Figure 5: Clearly visible in the bottom center of the picture: the solder 
pads for connector J13. Sometimes there are actually plugs, but often 
you only find pads to solder to. Any work must be carried out by some- 
body who knows what they are doing - and the heat pump must be 


de-energized. 


Listing 1: Virtual Network Interface 
<pre> 
auto cano 
iface can0 inet manual 
pre-up /sbin/ip link set $IFACE type can bitrate 20000 
triple-sampling on 
up /sbin/ifconfig $IFACE up 
down /sbin/ifconfig $IFACE down 


</pre> 


individual roller blinds in a targeted manner using a wireless 
command. 

Fortunately, the industry has come up with solutions to this 
problem. The vendor Homematic offers a “shutter actuator” 
that acts as an alternative to existing mechanical switches and 
seamlessly replaces them in standard flush-mounted boxes. If 
you replace an existing switch with such an actuator, the ap- 
pearance of the switch generally does not change at all, but its 
function does. Although manually opening and closing the 
roller shutters at the touch of a button will also work if you use 
the smart roller shutter actuator, it makes far more sense to 
control them via your smart home platform, typically using an 
app on your smartphone. 

In an average-sized house with many roller shutters, install- 
ing all those roller shutter actuators is a time-consuming task. 
This task is all the more arduous if the cable routing is, shall 
we say “creative,” as is the case in our home. If you don't 
know anything about the subject, keep your hands off the 
electrical installation and hire a specialist instead. Most 
motors for roller blinds use 230 volts and are installed in the 
rooms in such a way that light switches and often a single- 
socket outlet can be found in the immediate vicinity (triple 
switch). Then there is no separate neutral conductor in the 
socket for the roller shutter switch, because it is simply 
obsolete for a simple switch. 

In this design, L1 (the hot wire) is often simply routed 
through the shutter switch. If you want to connect a shutter 
actuator, it requires a separate power supply (i.e., L1 and N). 
On top of that, Homematic devices, for example, cannot loop 
through L1. In the worst case, like the electrician in the 


ate solutions for this in its portfolio, but 
they don't meld with the overall setup as 
well as the roller blind switches. At the 
end of the day, all of this effort was re- 
warded with a house in which all the 
central properties of the heat pump, plus 
the room temperatures, and roller blind configurations can be 
individually queried and controlled. 


Homematic Issues 

The adapter plates (Figure 6) on the Homematic devices are 
visually appealing and let you keep using the switch covers. 
In principle, Homematic devices can only be controlled with 
a control center provided by the manufacturer. However, 
Homematic has at least two variants of the control center in 
its portfolio, and the differences between them could hardly 
be greater. A third one is in the cards starting in Fall 2024. In 
order to understand the differences between the devices in 
more detail, you need to familiarize yourself with the 
details. 

The Central 
Control Units 
(CCUs) are the first 
generation Home- 
matic control cen- 
ters. Several revi- 
sions are available, 
the last one still 
supported by 
Homematic being 
version 3. You can 
still buy new CCU 
v3s, but the manu- 
facturer has al- 
ready announced 
its end of life. 
Homematic has 
now introduced 
Homematic IP, a 
cloud-based ser- 
vice that the man- 
ufacturer wants all 
future Homematic 
devices to use. 
Homematic IP dif- 
fers significantly 
from the previous 


a LJ 4 y 
Figure 6: Adapters are available 
for Homematic roller blind actua- 
tors for the switch series of major 
vendors. The complex technology 
disappears behind attractive 
trims. O FHEM Wiki 
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protocol in terms of both the protocol used and the way it 
controls smart devices. 

The crux is that Homematic IP does not provide an open API 
that services such as FHEM or openHAB can dock on to - all 
available interfaces are proprietary. Anyone who connects their 
Homematic IP devices, including the blind actuators, can only 
control them via channels approved by Homematic. At the 
beginning of May, the manufacturer announced a new Home 
Control Unit (HCU) for Homematic IP that will also support 
external interfaces such as EEBUS. However, until people can 
get their hands on and test this device, what it actually does 
remains unclear. It is by no means certain that openHAB or 
FHEM will fully support the HCU. 

The good news is that, at least all Homematic IP products 
released to date, are also compatible with the old version of 
the CCU. However, parallel operation is not supported; in 
other words, a device cannot be connected to the CCU and 
Homematic IP at the same time. Luckily, this is not neces- 
sary if you only want to address the devices via Homematic 
but let another service on the local network take over cen- 
tralized control. Even the fact that Homematic will soon no 
longer be offering the CCU v3 as a new device does not af- 
fect the FOSS community. Inventors have already discovered 
that the CCU is actually just a RPi 3 with preinstalled soft- 
ware in a stylish housing with an additional wireless mod- 
ule. The software can be extracted from this device and 
transferred to other devices. 

There are actually already several distributions for operat- 
ing a Homematic CCU, including piVCCU [4] (Figure 7), 
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debmatic [5], and RaspberryMatic [6]. They are all based on 
the OCCU distribution, which the Homematic manufacturer 
eQ-3 itself offers on GitHub as free software [7]. Conve- 
niently, both openHAB and FHEM can control the classic 
Homematic CCU. If you connect the Homematic IP devices 
installed in your home to a classic Homematic CCU, it can 
then be connected to FHEM or openHAB. 

Ultimately, this only raises the question of which procedure 
makes the most sense from the user's point of view. The easi- 
est way is to get hold of an original CCU v3 by Homematic (not 
a Homematic IP Access Point). However, you then run the risk 
of the provider no longer providing security updates at some 
point. This can become a security problem later, both in theory 
and in practice. Very few households are likely to connect de- 
vices such as smart roller blind actuators to their own home 
WiFi network. If a permanently unpatched Homematic CCU 
mutates into a gateway for attackers, the attack could also af- 
fect your private data. 

It is more secure to get hold of a Raspberry Pi 4 or 5 and 
run piVCCU or debmatic on it. Under the hood, the distribu- 
tions are largely identical in terms of functionality: They en- 
capsulate the actual control software by ELV in a container, 
which they then roll out with a few add-ons to also support 
external devices. These devices prove to be indispensable for 
the DIY solution based on the Raspberry Pi, as the Home- 
matic protocol does not use the classic WiFi out of the box, 
but instead transmits on its own frequencies. Unfortunately, 
the Raspberry Pi does not have hardware to support this out 
of the box. 


piVCCU, a local, well-maintained alternative to Homematic's CCU v3, is maintained and developed 
by the FOSS community. The figure shows the solution's web interface with clear similarities to the original. 
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For example, you need the Homematic wireless module di- particular are connected in line with the Homematic IP stan- 
rectly from ELV and an adapter board to actually connect the dard. Once you have this in place, the rest of the setup is 
wireless module to the Rasp Pi. All told, this is not exactly comparatively easy. 


cheap and involves a bit of tinkering, but 
itis a long-term and reasonably future- 
proof solution for connecting Homematic 
IP devices to FHEM or openHAB. If you 
prefer to use USB, you can purchase the 
Homematic IP RF USB stick (HmIP- 
RFUSB) directly from ELV (Figure 8). 
However, this solution comes as a kit, 
which the user first needs to solder to- 
gether. You can also purchase pre-built 
alternatives from various online stores. 
Because the community now pack- 
ages the original OCCU firmware itself 
and maintains parts of it, it would - in 
all likelihood - continue to exist even 
if the manufacturer went bankrupt or 
ELV gave up the Homematic portfolio 
completely. In the fast-moving world 
of hardware and software, it is almost 
impossible to achieve greater planning 


security. 

In any case, this article assumes that | ] 
a CCU v3-compatible device is avail- Figure 8: The HmIP-RFUSB extends any USB device to include a wireless 
able, to which the blind actuators in option for Homematic and Homematic IP frequencies. o Elv 
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Start with the Software 


Once you figure out how you want to interface with the 
Homematic components, it all comes down to the details. 
The next step is to install a smart home platform like FHEM 
or openHAB to automate and manage the system. (See the 
article on openHAB elsewhere in this issue.) You will find 
some useful How-Tos on the web that explain the procedure 
from the first step. This article therefore assumes that open- 
HAB and FHEM are already set up and that the rooms have 
also been created in the system. The next step is to set up 
the connection between the individual services and FHEM 
or openHAB. 

The pyHPSU Python library provides native support for both 
FHEM and openHAB. You will find instructions in the project 
manual [8]. Integration with FHEM is even easier than with 
openHAB: All you need to do is open a Telnet connection by 
typing /etc/pyHPSU/pyhpsu. conf. In openHAB, on the other 
hand, the individual parameters that pyHPSU reads from the 
heat pump via the CAN bus must be set up as separate Items 
in openHAB. You then have to store the desired control based 
on these Items. 

That takes care of the heat pump issue; what about the blind 
actuators? If you're using FHEM, the recommendation is to use 
the HMCCU module. This module provides a native connection 
to a Homematic CCU, regardless of whether it is the original or 
an open source replica. But the connection itself is not the end 
of the line: You also need to create your own device in FHEM 
and link it to the HMCCU module. This is the only way to con- 
trol the roller blinds precisely. The FHEM wiki contains de- 
tailed instructions, although non-German speakers will need to 
depend on browser translation [9]. 

If you prefer openHAB, you are in for a pleasant surprise: 
Marc Willmann has written extensively on the subject of 
Homematic and openHAB and provides tips on setting and 
configuring things [10]. Essentially, the task is to first connect 
the Homematic CCU to your own smart home control center 
via the Homegear bridge (Figure 9) and then connect it to 
openHAB via Homegear. All devices adopted from Homematic 
are then available in the openHAB installation as controllable 
devices that send events when a button is pressed or can be 
operated remotely via events. 

But connecting the heat pump and Homematic CCU with 
FHEM or openHAB is only half the battle. Of course, the ability 
to control the devices remotely or respond to events is a good 
thing, but you will also want to create automations in FHEM or 
openHAB based on external events. A classic example would 
be to close the blinds in a room at a certain time of day using 
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FHEM or openHAB so that the sun doesn't heat up the room all 
afternoon. 


Conclusions 

Comprehensive smart home control based on Linux is possible 
if you're willing to work with the hardware. If you can choose 
the hardware yourself and tailor it to mesh with your smart 
home solution, you have a head start over users in scenarios 
where this choice was made by someone else. Either way, 
many users prefer to avoid solutions that are somehow con- 
nected to cloud solutions - for privacy reasons as well as in 
realization that the manufacturer could discontinue this cloud 
at any time. 

Which ever way you go, a comprehensive smart home is not 
going to be cheap. The components installed in the author's 
setup ultimately cost over EUR2500, including the Midea air 
conditioners I purchased later, and this does not include the in- 
stallation work. On the positive side, though, this setup is water- 
tight and future-proof and does not depend on external actors. If 
you want a smart home with open source components, you will 
have to invest a great deal of work and money, but what you get 
in return is a universal, exceptionally reliable solution. AMA 
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ttps://wiki.fhem.de/wiki/HM-LC-BI1PBU-FM 
unk-Rollladenaktor_f%C3%BCr_Markenschalter| lin German] 

[10] Roller blinds and openHAEB: |https://www. marc-willmann. de, 

en/projects/openhab-and-homematid 


[2] 
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BOSS 
By Br 


inux has always been centered in 
Europe and North America. How- 
ever, in the last few years, India 
has started to become another 
center of activity. Currently, Linux has a 
14.51-percent market share in India - 
almost three times above the world 
average [1]. Indian developers, many of 
them young, are contributing to popular 
distributions, and Indian-based distribu- 
tions are also starting to appear, notably 
blendOS, which runs multiple distribu- 
tions via containers, and BackSlash, a 
heavily-tweaked version of Ubuntu. 


Author 


Bruce Byfield is a computer journalist and 
a freelance writer and editor specializing 
in free and open source software. In 
addition to his writing projects, he also 
teaches live and e-learning courses. In his 
spare time, Bruce writes about Northwest 
Coast art (http://brucebyfield. wordpress. 
com). He is also co-founder of Prentice 
Pieces, a blog about writing and fantasy at 
https://prenticepieces.com/. 
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he digital divide in India, 


fers an easy-to-use distribution for all users. Y 


Sité March 2024, these distributions 
have been joined by Bharat Operating 
System Solutions (BOSS) Linux [2]. 
What distinguishes BOSS from most dis- 
tributions in any country is that itis gov- 
ernment sponsored, with goals that are 
less about technology than about bridg- 
ing the digital divide and helping to im- 
prove India's technical infrastructure. 
BOSS is developed by the Centre for 
the Development of Advanced Comput- 
ing (C-DAC) at Chennai, a research and 
development institute with an empha- 
sis On postgraduate studies and a man- 
date to help create and expand India's 
technical infrastructure. C-DAC is the 
National Resource Centre for Free and 
Open Source Software (NRCFOSS) with 
a focus on, among other concerns, soft- 
ware as a service (SaaS), ubiquitous 
computing, cloud computing, and edu- 
cation and training. Its areas of re- 
search include defense, online analy- 
tics, all-in-one software management, a 
mail server, cloud services, municipal 


a 


P 


SS document 


da a 
server. In all thes , C-DAC places 
a heavy emphasis O urity. BOSS 
Linux fits in well with both C-DAC's 
technical and political goals. pan 

With such interconnections, itisUn- 
surprising that in the few months ofits 
existence, BOSS has had six million 
downloads and multiple releases. The 
BOSS drishti release is designed for edu- 
cation, while unnati is for servers. BOSS 
Minimalist Object Oriented Linux 
(MOOL) is experimental, attempting to 
redesign “the Linux kernel to reduce cou- 
pling and increase maintainability by 
means of object oriented abstractions. 
Excessive common coupling prevails in 
[the] existing kernel. MOOL features a 
device driver framework to write drivers 
in C++ and insert them as loadable ker- 
nel modules” [3] - efforts that apparently 
have not yet been submitted to kernel de- 
velopers. Pragya, the version I focus on 
here, is for the desktop. Itis based on 
Debian and in the latest version uses the 
Cinnamon desktop, although it formerly 
used Gnome. Its memory requirements 
are low (2GB RAM and 15GB memory) in 
keeping with its mandate to promote 
FOSS throughout India. 
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Educating Users 

The BOSS website makes few assump- 
tions about user knowledge. For in- 
stance, it includes a page about security 
that gives a high level summary of some 
of Linux's basics [4]. It starts with a 
summary about security patches, using 
bullet points to explain what they in- 
volve and to explain to novices that their 
purpose is to ensure that “all such hosts 
are up to date with released security” 
and that “there are no known security 
vulnerabilities.” The page goes on to ex- 
plain the choice of Debian as a founda- 
tion and to mention briefly BOSS's secu- 
rity tools, the BOSS releases, and its four 
year long-term support, as well as the 
use of apt. 

The BOSS site also lists Linux-compat- 
ible hardware - a subject that used to be 
more common a couple of decades ago, 
but that has become rarer since Linux 
has become more mainstream. The 
Peripherals Support drop-down menu 
covers desktops, laptops, scanners, and 
printers, but, for some reason, not WiFi 
or graphic cards. 


Exploring BOSS's Desktop 
BOSS has few innovations. Instead, its 
goal is a well-rounded, easy-to-use Op- 
erating system. With its low memory 
requirements, BOSS boots quickly. Its 
installer (Figure 1) offers live, graphi- 
cal, and command-line interface (CLI) 
options, as well as a dark theme, 
speech synthesis, and detailed installa- 
tion help. Support for numerous Indian 
languages is available, such as Nepali, 
Hindi, Punjabi, and Tamil, and the de- 
fault location is India. However, in 
keeping with the Indian's govern- 
ment's communication policy, the in- 
staller's default language is English. 
Throughout the installer, the emphasis 
is on the new user. There are no in- 
structions about how to generate a se- 
cure password, but the installer does 
suggest that new users choose a single 
partition. However, the choices for in- 
stalling GRUB are explained, so per- 
haps the installer is still in 
development. 

The BOSS desktop version, pragya, 
defaults to Linux Mint's Cinnamon 
desktop (Figure 2). Currently, no other 
desktop environments are available in 
the repositories - perhaps to prevent 
overwhelming novices - although most 


applications are 
Gnome-based, 
which tend to be 
simpler than, for 
instance, KDE's 
Plasma. The cu- 
rated selection of 
apps is mostly 
standard, with 
LibreOffice, for 
instance, for pro- 
ductivity, al- 
though BOSS 
does offer a 
choice of Synap- 
tic and GDebi for 
package manage- 
ment and Chro- 
mium and Firefox for web browsing. 


options. 


Not Just for India 
Here and there, BOSS has room for im- 
provement. However, considering its new- 
ness, that is not surprising. By and large, 
BOSS accomplishes what it sets out to do, 
providing a Linux for India's users and 
government infrastructure as well as the 
help that these goals require if they are to 
be a success. BOSS uses Linux as often 
theorized, but only occasionally realized. 
However, to recognize that is to give 
it qualified praise. BOSS is not only a 
distribution for the developing world, 
but an outstanding distribution for any 
user, especially beginners. Of all the 
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Figure 1: BOSS's installer gives a wide variety of 


countless distributions aimed at a new 
audience, BOSS is among the first that 
Il would recommend. HER 


Info 


[11 Linux market share in India: 
ttps://www. reddit. com/r/linux 
omments/198q3vw/linux_in_india 


as_1451_market_share/?rdt=6305. 
[2] BOSS Linux: lhttps:/bosslinux.in, 


[3] BOSS MOOL:|https://bosslinux.'in, 
downloadsA:-:text=BOSS%20MOOL8% 


text=MOOL%20aims%20at%20rede 


igning%20the,them%20as%20load.: 


able%20kernel%20modules 
[4] BOSS security: 


ttps://bosslinux.in/bosssecurit; 


Figure 2: The BOSS pragya version uses the Cinnamon desktop. 
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The new automatic installation method rolled out with Ubuntu 22.04 borrows some tools from the 
cloud configuration toolbox. We'll show you how to get started. By Ali Imran Nagori 


ave you ever wished that setting 

up an operating system could 

be faster and easier? This article 

describes how to install Ubuntu 
22.04 automatically. An automated in- 
stallation will save you time and effort, 
especially if you need to perform the in- 
stallation more than once. 

Pl] walk you through the task of setting 
up a preconfigured Ubuntu server that 
hosts the installation files from a pre- 
downloaded ISO while a virtual machine 
(VM) client boots in UEFI mode over the 
network. Prior to Ubuntu 20.04, Ubuntu's 
preferred method for automated installa- 
tion was to use Debian-Installer with a 
preseed file (preseed. cfg) defining the 
configuration. The new way to perform 
automatic installs on Ubuntu is to define 
the configuration using a YAML file and 
then use the cloud-init utility [1], which 
was created to support installation in the 
cloud, to set up the system. 


Getting Started 

The first step is to configure some ser- 
vices that will help find and deliver the 
installation files. These services include 
DNS, the naming service; DHCP, for IP 
address assignment; and Trivial File 
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Transfer Protocol (TFTP), for file transfer 
between the client and server and vice 
versa. Then P'1l set up a web server to 
provide configuration files for the system. 

To provide DHCP and DNS services for 
the network-based installation, I will use 
dnsmasq [2] as follows: 


$ sudo apt install dnsmasq -y 


Dnsmasgq is controlled via the /etc/dns- 
masq. conf file, so 
Pl make some ad- 
justments to fit the 
environment (List- 
ing 1). 

In Listing 1, 
interface=enp1sb 
specifies that the 
network card 


. «i¡nterface=enpl1s0 


bind-interfaces 


port=5353 specifies the port dnsmasq will 
use to listen for requests. The settings 
test in Listing 1 defines an address range 
and other values for the DHCP server. 

Pll restart dnsmasq so the changes will 
take effect: 


$ sudo systemctl restart dnsmasq 


Next, Pll grab the TFTP server from the 
repository: 


Listing 1: dnsmasq.conf 


dhcp-range=192.168.92.50,192.168.92.180,255.255.255.0,8h 
dhcp-option=option:router,192.168.92.1 


dhcp-option=option:dns-server,192.168.92.1 


ahcp-boot=bootx64.efi,192.168.92.55 


named enp1s8 will 
listen for DNS and 
DHCP requests, 
bind-interfaces 
tells dnsmasq to 
listen only on the 
interface it is 
bound to for DNS 
and DHCP re- 
quests, and 


port=5353 


Require all granted 


</Directory> 


Listing 2: /etc/lapache2/conf-available/tftp.conf 
<Directory /srv/tftp> 
Options +FollowSymLinks +Indexes 


Alias /tftp /srv/tftp 


Lead Image O Izflzf| 123RF.com 


$ sudo apt install tftpd-hpa 


TFTP is often used with automatic instal- 
lations as a way to transfer files from the 
server to the system where the installa- 

tion is taking place. P'1l need to define the 


TFTP_DIRECTORY in /etc/default/tftpd-hpa: 


$ cat /etc/default/tftpa-hpa 


TFTP_USERNAME="tftp" 
TFTP_DIRECTORY="/srv/tf£tp" 


Then, Pll restart the TFTP server: 
$ sudo systemctl restart tftpd-hpa 


IT then will install the Apache web server 
on the server system: 


$ sudo apt install apache2 


Pll create an Apache config file to share 
the TFTP root directory (Listing 2). 

Then P']l enable the new settings and 
restart the service to see if it's working 
as expected: 


$ sudo a2enconf tftp 


$ sudo systemctl restart apache2 


Preparing the Installation 
Files 

Now that I have the required services, 
it's time to load the fancy Ubuntu ISO 
file. First, '1l create a directory to keep 
the contents of the ISO file: 


$ sudo mkdir /mnt/iso_mount 


Next, PI] mount the ISO file using the 
loop device: 


$ sudo mount -o loop 2 
/put/your/iso/file/path/here 2 


/mnt/iso_mount 


Then Pl] create a new directory, 
server-files, inside /srv/tftp: 


$ sudo mkdir /srv/tftp/server-files 


Finally, I will copy the boot files to the 
server-files directory: 


$ sudo cp -a /mnt/iso_mount/. 2 


/srv/tftp/server-files 
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$ sudo cp -rf£ /mnt/iso_mount/* 2 
/srv/tftp/server-files 
$ sudo cp /mnt/iso_mount/casper/2 


ívmlinuz,initra) /srv/tftp/server-files 


Crafting the autoinstall 
Configuration 

Ubuntu's new autoinstall format lets 
you tell the system what to do in an 


information to cloud-init, for example, 
to install packages, create users, or run 
commands on the first boot of a 
launched instance. What you need to 
do is create the user-data file with the 
specifics in YAML syntax (Listing 3). 

In this case, the meta-data file is just 
an empty placeholder that cloud-init 
tries to find. When working with a cloud 
environment, the meta-data file would 


autoinstal! file, 
and then the in- 
staller takes care 
of the rest. 

You'!l need to 
create two simple 
files: 

e user-data 

e meta-data 
These files are 
also called cloud- 
config files. The 
cloud-config for- 
mat is used for 
writing configura- 
tion files in YAML 
syntax that the 
cloud-init utility 
will process. 

The cloud-init 
tool is used for the 
early initialization 
of cloud instances. 
It automates the 
configuration of 
new VMs on the 
first boot. The 
cloud-init tool 
also offers a com- 
mon method of 
configuring cloud 
instance VMs for 
all of the major 
cloud vendors. 
Ubuntu has been 
using cloud-init 
since version 
20.04 to automate 
its installation 
process. Ubuntu 
autoinstall uses 
the cloud-config 
files to specify 
how an OS should 
be installed and 
set up. 

The user-data 
file provides cloud 
configuration 


Listing 3: user-data 
Fcloud-config 
autoinstall: 


debconf-selections: tasksel tasksel/ 
first multiselect standard, 
ssh-server 


identity: 
hostname: cloud-vm 


password: 
"$6$exDY1mhSY4KUYCE/2$zmn9ToZwTKLhCw.b4/ 
b.ZRTIZM30JZ4Qr0Q220XJ8yk96xpcCofOkxKwuX1kqlLG/ 
yebJ1f8wxED22bTL4F46PO" 


realname: MuneerAhmed 
username: ubuntu 
keyboard: 
layout: us 
locale: en_US 
network: 
ethernets: 
any: 
addresses: 
- 192.168.92.40/24 
gateway4: 192.168.92.1 
match: 
name: en* 
nameservers: 
addresses: 
SS 8 1S 
version: 2 
storage: 
layout: 
name: lvm 


version: 1 


Listing 4: /srv/tftp/grub.cfg 


default=autoinstall 

timeout=10 

timeout_style=menu 

menuentry "Ubuntu-22.04" --id=autoinstall f 


linux /server-files/vmlinuz ip=dhcp 


urlihttp://192,168.92,55/tftp/server-files/ubuntlu- 


22.04.4-live-server-amd64.iso autoinstall 


ds='nocloud-net;$=http://192.168.92.55/tftp/servelr- 


files/' cloud-config-url=/dev/null root=/dev/ramo 
echo "Wait until the RAM disk loads..." 


initra /server-files/initrda 
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Matt until the RA disk 


The RAM disk loading up 


Server installation starts. 
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normally be filled with required 
information. 

To handle autoinstall, cloud-init 
works with cloud-conf ig files, plus 
user-data and meta-data. The user-data 
file gives each cloud instance its 
unique setup, and cloud-init makes 
sure that setup gets applied 
automatically. 

You have a number of options for 
how to provide cloud-init the data it 
needs [3]. '1l go the DIY route and use 
my own web server. Remember both 
the username and password for the 
server is ubuntu. The password is ac- 
tually a hashed version of the plain 
password. You will want to change 
these credentials if you are trying this 
configuration in the real world. 


Tweaking the GRUB Config 

File 

The GRUB menu allows the client ma- 

chine to choose the operating system 

to boot from. The GRUB file instructs 
the client to: 

1. Obtain an IP address from the DHCP 
server (dnsmasq, which 1 configured 
earlier). 

2. Point to the URL of the ISO file located 
on the Apache web server. 

3. Use the nocloud-net data source with 
the path to the user-data file for 
configuration. 

4. Load the compressed kernel (vmlinuz) 
and initial RAM disk (initrd) files 
from the TFTP server. 

5. Stop cloud-init from downloading the 
ISO file multiple times by setting 
cloud-config-url=/dev/null. 

Pl create a GRUB config file in the 
grub directory inside the root tftp direc- 

tory (Listing 4). 


UEFI Considerations 

The UEFI boot system built into most 
modern PCs requires several binary files 
[4]. Pll grab the signed shim binary and 
drop it into the TFTP directory: 


e 


ca /tmp 


e 


apt-get download shim.signed -y 


e 


sudo sh -c 'dpkg-deb --fsys-tarfile 2 
/tmp/shim-signed*deb | tar x ./usr/2 
lib/shim/shimx64.efi.signed.latest 2 
-0 > /srv/tftp/bootx64.efi' 


The same goes for the GRUB binary, 
which you'll also need to copy over: 
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e 


apt download grub-efi-amd64-signed 


e 


sudo sh -c 'dpkg-deb --fsys-tarfile 2 
/tmp/grub-efi-amd64-signed*deb | tar x 2 
./usr/1ib/grub/x86_64-efi-signea/2 
grubnetx64.efi.signed 2 

-0 > /srv/tftp/grubx64.efi' 


After that, Pl grab a font file for the 
GRUB setup, which will be served over 
TFTP: 


€ 


apt download grub-common 


e 


sudo sh -c 'dpkg-deb 3 
--fsys-tarfile grub-common*deb | 2 
tar x ./usr/share/grub/unicode.pf2 2 
-0 > /srv/tftp/unicode.pt2' 


AA rr El: 


Figure 4: Server login screen. 
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Testing It Out! 

Finally, P'11 set up a test machine in 

VMware with the Typical configuration 

and install later option. 1'1l choose the 

following settings for the VM: 

e Network adapter: Bridged (automatic, 
replicating a physical network connec- 
tion state) 

e Hard disk: 25GB (make sure you have 
sufficient space available on your host 
machine) 

e Firmware type: UEFI (set it under the 
Advanced option) 

Now it's time to push the VM start but- 

ton, and hopefully, the installer will 

present you with the pretty installation 


Pr AO A > > 


n F n" 


screen shown in Figure 1. Then the RAM 
disk loads (Figure 2) and the installation 
starts, which should normally proceed 
without any intervention (Figure 3). 
After the installation is complete, just 
hit the Enter key and you are ready to 
rock. You can log in to your new server 
using the username and password you 
specified in the user-data file (Figure 4). 


Wrapping Up 

This article described how to perform 
an automatic installation of Ubuntu 
22.04 using cloud-init and the new 
YAML-based configuration. This 
method saves you time and also en- 
sures consistency across multiple 
server installations. MEM 


Info 
[1] cloud-int: [https://help. ubuntu.com, 
community/CloudInit) 


[21 dnsmasgq: |https://thekelleys. org. u 
dnsmasq/doc.htm 


[3] Providing configuration to cloud-init 
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[4] Netbooting the Ubuntu Server in- 
staller on AMD64: 
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FAutomating Debian installations 


Easy Inst 


DebPostinstall takes the drudgery out of Debian installations. 


By Bruce Byfield 


t last count, Debian included 
over 64,400 packages [1]. Much 
of the reason for this number is 
the inclusion of multiple ver- 
sions of packages in different reposito- 
ries. Another is the packaging of doz- 
ens of scripts, often for Bash. There 
are, for example, several dozen APT-re- 
lated packages, some of which have 
been added to APT alternatives such as 
Nala. So far, the DebPostInstall [2] 


Listing 1: Basic DebPostinstall Script 


001 +! /usr/bin/env bash 
002 


008 HE ooo 


004 +; Script Name: DebPostInstall 
005 * Description: 


006 + 
Ubuntu 


A Bash Script to automate essential 


post-installation tasks on Debian and 


script has yet to reach the Debian re- 
positories, but it seems only a matter of 
time and a few more versions until it 
does. This simple script automates set- 
ting up a Debian-derived server, al- 
though it is almost equally handy for a 
desktop machine, and you will un- 
doubtedly want to modify it to meet 
your needs. 

In Debian jargon, post-install scripts 
are those that run at the end of a pack- 
age installation, 
so DebPostIn- 
stall is perhaps a 
misnomer. It 
does not run 
from any pack- 
age, but instead 
is a Bash script 
to run after an 


007 + Website: https://gist.github.com/ostechn1x] installation, 

008 + Version: dl. (0) handling config- 
009 + Usage: sudo ./debpostinstall.sh urations for 

O1O $ ono o which frequent 
011 installers often 
012 + Update the system maintain a 

013 echo "Updating the system..." checklist. Al- 
014 apt-get update ge apt-get full-upgrade -y though several 
015 apt-get autoremove -y té apt-get autoclean -y of its actions du- 
016 plicate those in 
017 + Install necessary packages the Debian in- 
018 echo "Installing necessary packages..." staller, DebPost- 
019 apt-get install -y sudo openssh-server ufw Install does have 


systemd-timesyncd vim htop net-tools curl wget git 
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the advantage of 


offering a chance to modify one of the 
quick choices of installation. 


Setting Up the Script 

To use DebPostInstall, copy the script 
into a text file. Modify it as desired, save 
it as debpostinstal1.sh, and run 


chmod +x debpostinstall.sh 
Then run the script as root. 


The Script's Stages 

The script (Listing 1) begins with the 
line +!/usr/bin/env bash, which identi- 
fies it as a Bash script. After updating 
the Debian repositories (lines 12-15), it 
gets down to business, installing the 
packages it requires and creating a sudo 
user and a public SSH key. It then dis- 
ables password authentication to the 
server and denies root access. If you are 
installing on a standalone machine 
rather than a server (or prefer not to use 
sudo), you can comment out or delete 
the lines for creating the new user. 

The next stanza (lines 72-75) set up an 
Uncomplicated Firewall (UFW). If you 
prefer another firewall, you can use it in- 
stead. Similarly, while the swap file cre- 
ated in the next stanza (lines 77-86) is 
adequate for many uses, you might want 
to change the allocated memory if you 
have an older machine or deal regularly 
with movies, graphics, or other large 
files. The same goes for the time stanza 
(lines 94-98) for time zones (enter time- 
datectl list-timezones for a list of 
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options.) The script ends by synchroniz- 
ing the time with systemd-timesyned 
(lines 100-103). The website adds in- 
structions for verifying the new configu- 
ration with a few short commands, but 
that is more of a precaution than a 
necessity. 


Future Possibilities 
With all Linux”s desktop environments, 
it may not be practical to add personal 


Command Line - DebPostinstall 


choices such as fonts and themes. How- 
ever, the current version of DebPostIn- 
stall is a useful framework to build on 
for those who want to minimize the 
drudgery of installation. You may want 
to check the website for updates, or, if 
your Bash scripting skills are equal to 
the task, make your own additions. For 
instance, you might might want to add 
antivirus or anti-spam software or lines 
to set up the email program of your 


Listing 1: Basic DebPostInstall Script (continued) 


020 


021 + Prompt for username 


choice. Still, the basic idea of DebPostIn- 
stall is sound, even though one script is 
unlikely to suffice for everybody. MEM 


Info 
[1] The number of Debian Packages: 


ttps://www.debian.org/releases, 
stable/ama64/release-notes, 


[2] DebPostInstall: [https://ostechnix.com, 
debian-ubuntu-post-install-scrip 


062 + Disable password authentication to the server 


063 echo "Disabling password authentication..."” 


022 read -p "Enter the username for the new user: '" USERNAME 064 sed -i 's/f+PasswordAuthentication yes/ 
PasswordAuthentication no/' /etc/ssh/sshd_config 


023 
024 + Check if the user already exists 


025 if id "$USERNAME" £>/dev/null; then 
026 echo "User $USERNAME already exists. 


creation." 
027 else 
028 + Prompt for password 


065 systemctl restart sshd 


066 


Skipping user 067 + Deny root login to the server 


068 echo "Denying root login..." 


069 sed -i 's/fPermitRootLogin prohibit-password/ 
PermitRootLogin no/' /etc/ssh/sshd_config 


029 read -s -p "Enter the password for the new user: " 070 systemctl restart sshd 
PASSWORD 071 
030 echo 


072 $ Setup Uncomplicated Firewall (UFW) 


031 read -s -p "Confirm the password for the new user: " 


PASSWORD_CONFIRM 
032 echo 
033 
034 %* Check if passwords match 
035 if [ "$PASSWORD" != 


'"$PASSWORD_CONFIRM" ]; then 


073 echo "Setting up Uncomplicated Firewall (UFW)..." 


074 ufw allow OpenSSH 


075 ufw --force enable 


076 


077 $ Create Swap file based on machine's installed memory 


036 echo "Passwords do not match. Exiting." 078 echo "Creating Swap file..." 
037 exit 1 079 TOTAL MEM=$(free -m | awk '/”"Mem:/fprint $2)') 
038 fi 080 if [ "$TOTAL_MEM" -le 2048 ]; then 
039 081 SWAP_SIZE=1024 
040 %* Add a new user account with sudo access and set the 082 elif [ "$TOTAL_MEM" -le 8192 ]; then 
LOSE 083 SWAP SIZE=2048 


041 echo "Adding new user account..." 
042  useradd -m -s /bin/bash -G sudo $USERNAME 
043 echo "$USERNAME: $PASSWORD" | chpasswd 


o44 fi 
045 
046 + Prompt for public SSH key 


084 else 


086 fi 
087 


085 SWAP_SIZE=4096 


088 da if=/dev/zero of=/swapfile bs=1M count=$SWAP_SIZE 
089 chmod 600 /swaptfile 


047 read -p "Enter the public SSH key for the new user: " 


SSH_KEY 
048 


049 + Add a public SSH key for the new user account, avoiding 


duplicates 
050 echo "Adding public SSH key..." 
051 mkdir -p /home/+USERNAME/.ssh 


090 mkswap /swapfile 
091 swapon /swapfile 


093 


092 echo '/swapfile none swap sw O O0' 


| tee -a /etc/fstab 


094 f Setup the timezone for the server (Default value is 


"Asia/Kolkata") 


052 if ! grep -qFx "$SSH_KEY" /home/$USERNAME/.ssh/ 095 echo "Setting up timezone..."” 


authorized_keys; then 


053 echo "$SSH_KEY" >> /home/$USERNAME/.ssh/authorized_keys 
054 echo "SSH key added successfully." 


055 else 


OSTET 
058 chmod 700 /home/$USERNAME/.ssh 


059 chmod 600 /home/$USERNAME/.ssh/authorized_keys 


096 read -p "Enter the timezone for the server (default is 


Asia/Kolkata): '" TIMEZONE 


097 TIMEZONE=$(TIMEZONE:-"Asia/Kolkata"]j 


098 timedatectl set-timezone $TIMEZONE 
056 echo '"SSH key already exists in authorized_keys file." 099 


100 + Set up time synchronization with systemd-timesyncd 


101 echo "Setting up time synchronization with 


systemd-timesyncd..." 


060 chown -R $USERNAME: $USERNAME /home/$USERNAME/.ssh 102 systemctl enable systemd-timesyncd 


061 


103 systemctl start systemd-timesyncd 


Transcoding with CasaOS 


Transcode your video 
library with ease 


V 


You can set up an automatic transcoding tool with CasaOS, HandBrake, FileBrowser, and HAProxy, 
to transcode your video library with ease. We show you how to get started. By Adam Dix 


teacher at my school re- 

cently had an interesting re- 

quest. He had hundreds of vid- 

eos that he had made during 
COVID-19 that needed to have their file 
size reduced. The only easy way he 
could find to do it was by using the on- 
line Adobe transcoding service, which 
meant that he was transcoding one video 
at a time. As you can imagine, it was 
cumbersome and time consuming. He 
asked if there was some better way, and, 
of course, I immediately thought of 
HandBrake [1]. HandBrake (Figure 1), 
an open source video transcoding soft- 
ware, supports virtually all of the popu- 
lar video formats, codecs, and 
containers. 

Transcoding takes a video file and 
converts it to a more suitable format 
for a given application. This can mean 
changing one or several of the video's 
characteristics, such as resolution, bi- 
trate, codec, container, encoded 
audio, subtitles, or color space. With 
my colleague”s files, the file size of 
each video could be reduced, while 
still maintaining high enough quality 
that the viewers wouldn't be missing 


50 NOVEMBER 2024 


out on any meaningful content, by 
transcoding the video files from 1080p 
x264 MP4 format down to 720p x265 
MP4 format files. 

HandBrake works on all three major 
platforms and can deal with nearly any 
video file. However, it isn't for the faint 
of heart. I knew right away that it wasn't 
something that my colleague would be 
keen to learn, which gave me the idea 
of using a feature in HandBrake that 
watches a directory, automatically 
transcodes any video files added to that 
directory into a predetermined format, 
then outputs that transcoded file into an 
output directory. 

Once I chose HandBrake as the trans- 
coding software, 1 needed to determine 
the best way to present HandBrake to the 
user without needing to teach the ins and 
outs of video transcoding. This is where 
CasaOS [2] comes into play. CasaOS is a 
platform that can be installed onto a 
basic Ubuntu Server [3] installation by 
running a one-line command that gives 
users access to premade Docker contain- 
ers. These containers can then be quickly 
and easily customized and deployed 
through the CasaOS interface, which is 


accessed as a simple web server on your 
local network. 

I created a file share that my user could 
log into with only two folders: a uatch 
folder and an output folder. With this file 
share, my user can upload as many 
video files as desired and then check 
back a few hours later to download the 
transcoded results without needing to 
know anything about the actual process 
taking place behind the scenes. 

I decided to use CasaOS as a starting 
point because it includes File Browser [4], 
which works well for creating and shar- 
ing directories, and it comes with the 
ability to install HandBrake with just a 
few clicks. Additionally, in order to ex- 
pose File Browser to the Internet, you 
would normally need a reverse proxy. 
Although I use HAProxy [5] as a reverse 
proxy here (for reasons 1 get into later), 
CasaOS also includes NGINX Proxy Man- 
ager [6], which functions as a reverse 
proxy. As a result, this could all be done 
on a single virtual machine (VM) or 
even a Linux container. 

In this article, I will explain how to: 

e Install Ubuntu either on bare metal or 

ina VM 
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e Install CasaOS onto your Ubuntu 
installation 

e Install HandBrake within CasaOS 

e Connect File Browser within CasaOS 
with HandBrake 

e Create users for File Browser 

e Use a reverse proxy to put File Browser 
onto the Internet for users 


Requirements 

At a minimum, I would recommend 
using a machine with four cores and 
8GB of memory along with a dedicated 
1Gb network port. Personally, I used 
eight cores and 16GB of memory with a 
10Gb network interface card (NIC), but 
it can be done with less. I will not get 
into transcoding with a graphics card in 
HandBrake (see the HandBrake site for 
information on GPU transcoding). 

Disk space and type is something to 
consider carefully. If you use solid-state 
drives (SSDs) for storing the files to be 
transcoded and the resultant files, then 
you run the risk of burning them up 
quickly with lots of heavy writes and 
reads. SSDs are also costly per terabyte 
compared to hard disk drives (HDDs). 
That said, traditional HDDs will be inex- 
pensive per gigabyte and don't have the 
problem of cell death, but they are slow 
and use more energy. If you don't expect 
to see network speeds above 1Gb, then I 
recommend not worrying about speed 
and buying traditional hard drives in- 
stead. HDD energy usage will be tiny 
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compared to your CPU usage. On the 
other hand, if the transcoder will only be 
used on a local network where you ex- 
pect to saturate a 1Gb connection or 
have something faster such as 2.5Gb or 
10Gb, then buy the cheapest SATA SSDs 
you can find along with spares expecting 
to have to replace them occasionally. 
You can test out how long they last and 
adjust your scheme as needed. Don't 
waste your money on Non-Volatile Mem- 
ory Express (NVME) for this application 
because you won't see the benefits. I 
would also use a fast SSD for the CasaOS 
installation itself and slower, larger 
HDDs for the storage of the files to be 
transcoded if possible. 

Apart from the requirements for 
CasaO0S, you will also need a proxy 
server. My setup runs HAProxy with two 
cores and 4Gb of memory on an 8GB 
disk, which is more than enough for this 
and other services that I have. You can 
use the same virtual NIC if running these 
as VMs. If not, connect them to the same 
Layer 2 switch if possible. With the goal 
of reducing any possible bottlenecks, 
you need to consider the connection 
from CasaOS to the proxy, the proxy to 
your router, and then ultimately out to 
the Internet from the router. 


Ubuntu Installation 

I will start out with two generic Ubuntu 
Server installations - you can do this 
using only CasaOS with the built-in File 
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Browser, HandBrake, and NGINX Proxy 
Manager, but that isn't how 1 set up 
mine. For me (and perhaps for you), it 
made more sense to use a separate in- 
stance of Ubuntu running HAProxy to 
make sure that HAProxy always has the 
resources it needs because I have other 
services proxied through it. With that in 
mind, one VM will be for CasaOS itself 
and one will be for HAProxy. I won't get 
into the details of an Ubuntu install, but 
I have the following recommendations: 
e Seta static IP address for both the 
CasaOS server and one for the reverse 
proxy and reserve them in your DHCP 
router. I always do both a static IP and 
a reservation just in case I change my 
router setup in the future. 

e Install Cockpit (Figure 2) and cockpit- 
pcp from the Ubuntu repos and cock- 
pit-navigator from the 45-Drives repo 
on each Ubuntu instance, because it 
just makes everything so much easier. 

e Turn on the firewall on the CasaOS 
Server! You will need to allow a few 
ports for SSH, Cockpit, CasaOS, 
HandBrake, and File Browser, but 
only File Browser will be passed 
through the reverse proxy to your 
WAN connection; the others are for 
local connection only. 

e Using Proxmox for both can be a good 
option so that you can have CasaOS 
installed on one VM and HAProxy on 
another VM. This way, everything is in 
one physical box, but resources are 
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Figure 1: The HandBrake main window. 
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Figure 2: The Cockpit web interface with Ubuntu Server installed. 


allocated as needed to each VM - this 
isn't required but it makes resource al- 
location easier. 

e Turn on the firewall for HAProxy and 
add Fail2Ban to it as well. 

e Tam not responsible for what happens 
if you do choose to expose this to the 
Internet! 

e Make sure that you know who your 
users are and what they're transcod- 
ing — the last thing you want is ob- 
jectionable or illegal content on a 
server in your control or, even worse, 
at your residence. 


CasaOS Install and Setup 
With Proxmox [7] (optional) and your 
two Ubuntu installations installed, P'l1 
move on to installing CasaOS. From the 
CasaOS website, run their simple 
installer: 


sudo apt update «8 sudo apt upgrade 
curl -fsSL[https://get.casaos.id | 2 


sudo bash 


Once CasaOS (Figure 3) is up and run- 
ning, open the admin interface by going 
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to the device's IP address. Log in and set 
up your account as desired. 

To install HandBrake, click on App 
Store, scroll down until you find hand- 
brake, and click on Install. This part is 
all pretty intuitive; if you”ve made it 
through the Ubuntu installations, then I 
expect you'1l be able to get HandBrake 
up and running without a problem. 

HandBrake can then be accessed by 
going to http://[yourIPaddress|:5800. If 
you cannot access HandBrake, then you 
will want to open the Ubuntu VM contain- 
ing CasaOS either with SSH or through the 
Cockpit Terminal (if you installed Cockpit 
as recommended with sudo apt install 
cockpit) and add an exclusion for port 
5800 in the UFW firewall. If you don't al- 
ready have the firewall turned on, then 
now is a good time to do so: 


sudo ufw allow 5800 
sudo ufw allow http 
sudo ufw allow https 
sudo ufw allow OpensSsH 
sudo ufw allow 9090 


sudo ufw allow 10180 


sudo ufw enable 
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This will enable access for ports 80 and 
443 for HTTP and HTTPS access, respec- 
tively, port 22 for SSH access, port 9090 
for Cockpit, and ports 5800 and 10180 for 
HandBrake and File Browser. Note that 
this only gives access on your local net- 
work so far. I will connect the File 
Browser app to HAProxy shortly, and 
HandBrake will not be directly connected 
to the reverse proxy, so, for now, this is 
all that is required for firewall exclusions. 

At this point, you will want to set up 
your user within File Browser. 1 cannot 
stress this enough: Make sure that you 
know who you are giving access. This 
may sound dramatic, but if you wouldn't 
trust them to watch your kids then don't 
trust them with your share. Open up File 
Browser from the CasaOS admin console 
by clicking on its icon and log in as 
admin. Because File Browser is included 
with CasaOS, which is just what Il need 
for this application, there is no need to 
install anything more from the CasaOS 
console. 

Once inside of File Browser, change 
your admin credentials and log back in 
with your new credentials for admin 
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Figure 3: The CasaOS main window. 


(Figure 4). Navigate to Settings and then 

to User Management and create a user 

named handbrake with a password to be 

shared with your users (not a password 

that you use elsewhere). Under the op- 

tion named Scope, enter /AppData/hand- 

brake/user/. Make sure that the hand- 

brake user is not an administrator. You 

will need to give them permissions to 

download and create files, but you might (18) 

not want to give any other permissions. 
Note however that only giving down- 

load and creation permissions means == 

you will need to occasionally purge the 

files in the input and output folders. You 

can set up a cron job to purge these files 

for you occasionally, but note that any 

work in progress will be lost if the cron 

job runs while there is work being trans- 

coded. For that matter, anything which 

was transcoded but not yet downloaded 

will be lost as well. You could give users 

the ability to delete files themselves, but 

if you have multiple users then it may re-  L Si 

sult in users deleting others” content. Figure 4: The File Browser login screen. 


File Browser 


[EINUX-MAGAZINE.COM] 53 


MN? Transcoding with CasaOS 


This is a simple and quick solution, not 
necessarily a perfect one. You can get 
around this by using multiple instances 
with each user getting a different in- 
stance, but adding that kind of complex- 
ity is beyond the scope of this article. 

Once you have created the handbrake 
user in File Browser, you need to open 
File Browser as admin and add the 
folders /AppData/handbrake/user/input 
and /AppData/handbrake/user/output. 
The input folder is where you will up- 
load your videos to be transcoded and 
the output folder is where you will 
download the finalized transcoded files. 
You will need to be sure that users don't 
delete these directories (another reason 
why you might not want to give them 
the delete permission). Within the 
Ubuntu installation containing CasaOS, 
make sure that permissions are set so 
that File Browser can write to the user 
folders by running 


sudo chmod 777 /DATA/AppData/2 


handbrake/user 


Because users will be granted permis- 
sions directly by the File Browser app it- 
self, this shouldn't be a security concern 
as long as you have control of the local 
resources and local Ubuntu installation. 
Now, P'1l set up HandBrake to play 
nice with File Browser (Figure 5). Within 
the CasaOS admin console, mouse over 
the HandBrake icon until you see the 
three dots in the upper-right corner. 
Click on the dots and then choose Set- 
tings. Within Settings, you need to type 
in the paths to the two folders you just 
created, one for watch (input) and one 


for the output (aptly named output). In 
the HandBrake settings, enter 


/DATA/AppData/handbrake/user/input 
for the watch folder and 
/DATA/AppData/handbrake/user/output 


for the output folder. Everything else 
there should be fine. 

Now open the HandBrake app to set 
the defaults within the program. I won't 
get into how to use HandBrake, but you 
will want to set defaults to meet both 
your needs and your users. If you need 
multiple defaults, then you could use 
multiple instances with a different sub- 
domain and entry in HAProxy. How- 
ever, for this article, 11l assume you 
have one set of defaults that all videos 
will be transcoded into. For instance, 
you might want to set it so that any 
video dropped into the input directory 
will be converted to 720p resolution at 
30 frames per second using the x265 
codec and the MPEG-4 container, with 
BT.709 color space and simple 2.0 chan- 
nel audio, which will result in files that 
have a small file size and reasonable 
quality, as well as being fairly universal 
in that most current media players have 
the capability to play a file with those 
characteristics. If you have problems 
with playback, then perhaps change to 
the x264 codec with the trade-off being 
slightly larger file sizes. If you prefer a 
better viewing experience, then perhaps 
jump to 1080p and even 60 frames per 
second. Do note, however, that if a file 
is input at only 720p and then 


transcoded to 1080p, the quality won't 
be improved, but it will result in a 
larger file size nevertheless. 1 recom- 
mend thinking of transcoding from the 
standpoint of the lowest common de- 
nominator and going from there. 

You can now close HandBrake and 
open the File Browser app by clicking on 
the icon in the CasaOS admin console. 
Log in as the handbrake user with the 
password you set for that user and try to 
upload a video. A few moments later, 
you should find a video with the same 
file name (assuming you set HandBrake 
up to name files that way) with the .mp4 
file type in the output folder. Transcode 
time will of course depend on the 
CasaOS server's hardware and resource 
allocation and whether or not GPU trans- 
coding is being used. Once completed, 
download that video from the output 
folder and check that it was properly 
transcoded and that it plays well. 

At this point, you're about 80 percent 
of the way there! If you only need to use 
HandBrake locally, then you can stop 
here. However, I would argue that if you 
are only intending to use HandBrake lo- 
cally, then it would probably make more 
sense to set up an SMB or NFS file share 
for your watch and output folders and put 
the files you want transcoded there. For 
that matter, you could always install 
Samba on your CasaOS server and lo- 
cally share your folders that way while 
still using File Browser to remotely serve 
files. There are many different ways to 
tackle this particular process. I'1l assume 
that you intend to offer transcoding re- 
motely from a web browser and move on 
with that in mind. 
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Figure 5: The File Browser simple file-sharing program. 
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HAProxy Install and Setup 


On the second Ubuntu device or VM, in- 
stall HAProxy using 


Listing 1: HAProxy Config File 


01 global 
02 log /dev/log localo 
03 log /dev/log local1 notice 


04 chroot /var/lib/haproxy 


sudo apt update éé sudo apt upgrade 
sudo apt update gg sudo apt install 2 


haproxy 


05 stats socket /run/haproxy/admin.sock mode 660 level admin 


06 stats timeout 30s 

(017 user haproxy 

08 group haproxy 

09 daemon 

10  ca-base /etc/ss1/certs 


all crt-base /etc/ss1/private 


12 ss1-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256 


: ECDHE-RSA-AES128-GCM-SHA256 : ECDHE-ECDSA-AES256-GCM-SHA384 
: ECDHE-RSA-AES256-GCM-SHA384 : ECDHE-ECDSA-CHACHA20-POLY1305 
: ECDHE-RSA-CHACHA20-POLY1305 : DHE-RSA-AES128-GCM-SHA256 

: DHE-RSA-AES256-GCM-SHA384 


3 ss1-default-bind-ciphersuites TLS_AES_128_GCM_SHA256 
:TLS_AES_256_GCM_SHA384: TLS_CHACHA20_POLY1305_SHA256 


4 ss1-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets 


6 defaults 
Y log global 


8 mode http 


E) option httplog 


20 option dontlognull 


21 timeout client 10s 

22 timeout connect 5s 

23 timeout server 10s 

24 timeout http-request 10s 
25 option http-buffer-request 


26 errorfile 400 /etc/haproxy/errors/u00. 
27 errorfile 403 /etc/haproxy/errors/u403. 
28 errorfile 408 /etc/haproxy/errors/u408. 
29 errorfile 500 /etc/haproxy/errors/500. 
30  errorfile 502 /etc/haproxy/errors/5302. 


31 errorfile 503 /etc/haproxy/errors/503. 


32 errorfile 504 /etc/haproxy/errors/504. 


34 frontend mywebservers 
35 mode http 
36 bind *:80 


37 bind *:443 ssl crt /etc/ss1/hereswhereyouputyourcertificate.pem 


38 redirect scheme https if !f ssl_fc ] 


39  use_backend merhabairem if ([ req.hdr(host) -i ranstodes MyWeopage. com 


41 backend merhabairem 


42 mode http 


http 
http 
http 
http 
http 


http 


http 


43 http-request redirect scheme https unless ([ ssl_fc ) 


Yu server si 10 40.192: 10180 
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You will need to turn on the firewall and 
allow a few ports as we did previously 
with CasaOS: 


sudo ufw allow http 
sudo ufw allow https 
sudo ufw allow OpenSSH 
sudo ufw allow 9090 


sudo ufw enable 


There are fewer things to expose through 
the firewall here: port 80 for HTTP and 
port 443 for HTTPS, which will be port 
forwarded in your router to the Internet; 
port 22 for local SSH connection; and 
port 9090 for Cockpit are the only ports 
that need to be opened here. Don't fret — 
your main network firewall should still 
protect your HAProxy instance against 
intruders trying to SSH into your Ubuntu 
devices. Next, install Fail2Ban for some 
protection against bad actors doing 
things like distributed denial-of-service 
(DDoS) attacks on your server: 


sudo apt install fail2ban 


Fail2Ban offers many options that you 
might want to implement. I won't get 
into those options here, but see the 
Fail2Ban documentation [8] for more 
information. 

I will now set up HAProxy to allow it 
to forward your CasaOS File Browser to 
the Internet. Open /etc/haproxy/haproxy. 
cfg with the Cockpit Navigator plugin 
that you installed onto each Ubuntu in- 
stance earlier. Listing 1 shows my con- 
fig file for HAProxy with my other ser- 
vices and some personal information 
removed. For brevity, I also removed 
notes and a few other lines, but you'll 
find the most important information in 
Listing 1. This will give you an idea of 
what your HAProxy config file should 
look like. 

Note that you can name the back end 
whatever you want as long as you are 
consistent (1 have named mine merha- 
bairem to demonstrate it can be anything 
apart from reserved names). The nice 
thing about using HAProxy in its own 
separate VM or physical device is that 
you can also add other back ends with- 
out degrading the performance of Hand- 
Brake or File Browser. For instance, if 
you wanted to run an instance of 
SearXNG from within CasaOS, then you 
can expose it to the Internet using 
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HAProxy along with a new back end and 
a different subdomain of your domain. 
You will have your own publicly avail- 
able search engine to use. CasaOS has a 
lot of web apps that you may find you 
want exposed through HAProxy. 


Additional Considerations 
In part for brevity and because of the 
scope of this article, 1 have omitted a lot 
of bits even if they are needed. For in- 
stance, to put this transcoder onto the 
Internet, you will need to purchase a do- 
main, which will also mean connecting 
your IP address to that domain within 
the domain registrar's admin interface. 
You will also want either a static IP 
(which I personally do not recommend 
for personal use) or a Dynamic DNS 
(DDNS) service, which occasionally 
checks to see if your IP address matches 
with your domain and updates your reg- 
istrar's DNS record for your domain 
when your ISP changes that IP address. 

Ideally, you will also want a certificate 
for your HAProxy instance, which you 
can get by using a service such as Let's 
Encrypt to avoid getting the trust warn- 
ing when connecting to your transcoder 
through a web browser. You will also 
need to port forward ports 80 and 443 
from your router to your HAProxy 


instance so that your router knows 
where to send the traffic that comes into 
your IP address. 

What I have set up here is enough to 
connect to the file share locally for trans- 
coding and sets up HAProxy so that it is 
ready to be put onto the Internet. Because 
there are so many different possible com- 
binations of setup steps depending on 
your registrar, ISP, and router, 1 can't say 
for sure what exactly will work for you. 1 
strongly recommend reading up on your 
router to learn about port forwarding, on 
HAProxy for other possible required op- 
tions, and on the available options for 
creating a certificate for the HAProxy re- 
verse proxy with a service such as Let's 
Encrypt or your registrar's internal certifi- 
cate service, and going from there. You 
also should set up a DDNS service with 
your registrar and get your domain con- 
nected to your IP address. 


Conclusions 

This article gets the transcoding service 
working, but you will need to fill in 
some gaps based on your needs. If you 
just want to use the transcoder locally, 
you can stop after creating the CasaOS 
setup and installing HandBrake and ei- 
ther Samba or File Browser. However, if 
you need to access the transcoder 


remotely, then you still have some 
homework. With that, good luck and 
have fun with your new automatic trans- 
coding tool! MMM 
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Bits of JavaScript from a malicious website can put your browser in a trance. A tool called BeEF 
encapsulates that power in a most diabolical way, providing yet another reason to avoid 
unknown links and keep your browser up to date. By Chris Binnie 


eb browsers have become 
so ubiquitous that they are 
installed on almost every 
Internet-connected device 
with a user interface. Because of this 
popularity, browsers are a very attractive 
target for attackers. 

A 2023 article on the Dark Reading 
website [1] discusses a study by Spin. 
Al. The study analyzed around 300,000 
browser extensions for several browsers 
that use Chromium under the bonnet, 
such as Google Chrome and Microsoft 
Edge. A staggering 51 percent of the ex- 
tensions presented a high risk to users. 
The study apparently found that the 
“extensions all had the ability to cap- 
ture sensitive data from enterprise apps, 
run malicious JavaScript, and surrepti- 
tiously send protected data including 
banking details and login credentials to 
external parties.” 

The complexity of modern browsers 
increases their attack surface greatly, 
and the threats that their developers 
must counter should not be underesti- 
mated. For a number of years, both 
Firefox and Google Chrome have made 
use of sophisticated sandboxing tech- 
niques to provide a number of isolation 
advantages [2]. 
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Bearing in mind the challenges and 
the reality of serious threats, an offen- 
sive security tool used for pen testing 
leapt off the page at me recently. The 
tool takes advantage of how users in- 
teract with the web pages that they 
visit. 

This article describes how an at- 
tacker can hijack an ordinary browser. 
After looking at some common attack 
techniques, the attack tool 1'1l look at 
is known as BeEF, which stands for 
the Browser Exploitation Framework. 
According to the BeEF GitHub reposi- 
tory [3], “Unlike other security frame- 
works, BeEF looks past the hardened 
network perimeter and client system 
and examines exploitability within the 
context of the one open door: the web 
browser.” 


On your Marks 

I'll install BeEF on an Ubuntu Linux 
22.04 system inside a VM. The docu- 
mentation states that you can use BeEF 
on any machine capable of supporting 
Ruby v3.0+ or NodeJS, but macOS 
and Linux are officially supported. 
There's also a Docker container route, 
which should make for an easier way 
with package dependencies. 


To install BeEF, start by cloning the re- 
pository and running the installation script: 


$ git clone[https://github.com/P 
beefproject/beef.git 
$ cd beef; ./install 


You are then presented with some very 
welcome ASCII art. Two guesses what 
the logo depicts (Figure 1). 

At the foot of the output, under the 
BeEF logo, a number of steps continue 


Figure 1: ASCII art for the BeEF 
installer echoes the beef theme. 
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Figure 2: Getting started with the BeEF UI. 


the installation. The sophistication of the 
installation script is impressive. In 
Ubuntu Linux, I am offered a choice to 
install packages that will take up a siz- 
able 347MB (which is not entirely sur- 
prising for a minimum Ubuntu installa- 
tion on the VM). Following the package 
update, the installer uses another circa 
60MB of disk space for setting up a few 
additional Ruby packages. 


Hitting the Go Button 
When the installation completes, have a 
look at the contents of the config. yaml 
file, which contains some useful configu- 
ration options, such as enabling debug- 
ging and restricting network addresses. 
The default credentials shown in config. 
yaml are: 
user: "beef" 


password: "beef" 


You'1l need to change the password be- 
fore running BeEF. Enter the following 
command: 


$ ./beef 


and BeEF will output a number of set- 
tings, including a key for the RESTful 
API and an HTTP Proxy. The UI for BeEF 
(not the HTTP Proxy) is presented over 
TCP port 3000: 


http://localhost:3000/ui/panel 


Enter the username and password at the 
prompt. Once you are logged in, you are 
presented with the view in Figure 2. 

The helpful Getting Started tab ex- 
plains the concept of hooking a browser. 
Hooking is when the attacker injects 
some JavaScript into a webpage with the 
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tricky-looking JavaScript, which appar- 
ently allows you to hook any page that 
you are currently visiting. Once hooked, 
BeEF acts as the command and control 
machine to provide attackers with the 
tools to do their damage. 


NIE Hook, Line, and Sinker 

In Figure 4, you can see the Ul version of 
the output from the terminal: a graphical 
representation with a couple of question 
marks (for the unknown browser name/ 
type and hardware type), along with a 
welcoming Tux penguin icon showing 
that Pm using Linux and displaying the 
internal IP address that I'm using to con- 
nect to the VM. 

If I click onto the browser entry, the UI 
springs to life and gives me a myriad of 
options, such as exploits and specific de- 
tails about the version of the browser. 1 
can see what extensions and capabilities 
are available and some of the routes that 
BeEF might take to attack my version of 
Google Chrome. 

Once I have selected a module and 
added some configuration, I can then 
click an Execute button that appears on 
the right-hand side to run the module 
against the browser. The modules for a 
target browser are classified by their 
expected effectiveness, as shown in 
Figure 5. 
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aim of gaining a degree of control. The 
first task is to click the demo link and 
check back to the terminal that I ran the 
BeEF server in. In Figure 3, you can see 
the Google Chrome browser that Il am 
using is well and truly hooked. 

The eagle-eyed among you will spot 
the “Invalid browser name?” error. If my 
memory serves, having watched the 
YouTube video, this is because Chrome 
has privacy settings that don't identify 
it in the same way as other browsers. 
The video denotes the browser name 
as “UN” which seems to stand for 
“unknown.” 

There's also a “Hook Me!” bookmark- 
let link, which you can use as a book- 
mark. The link contains some 


Figure 3: Addictive, this BeEF stuff — I'm hooked. 
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Figure 4: Ul version of the terminal output. 
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Listing 1: Simple HTML Page with JavaScript 


td A 


<html> 
[de O le Mhoméechrshookline-and-nker. html <head> <script src=TBHp://221.0.0. 1000/00. 152 
] type='text/javascript'></script></head> 
ñ Af dl <body>Hook, line and sinker! </body> 
Hook, fine and sinker! y > /body 
</teml> 


Figure 6: Firefox has loaded the poisoned page and is hooked. ] 


Real-World Examples unknown, but interestingly, the ver- Under the Modules option, select So- 
The demo page promises to let you sion matches my Firefox version (116.0 cial Engineering | Petty Theft | Dialog 
“Have fun while your browser is work- in this case). Type: LinkedIn. In Figure 7, you can 
ing against you.” The sophisticated BeEF Next, P'll demonstrate a relatively see the configuration setting in the 
knows about and logs all the user's simple social engineering attack. BeEF UL. 
clicks, double-clicks, and mouse-over ac- 
tivity. For further clarity about how a | Pretiy Theft 
browser can get hooked, 1'1l create some | 
simple HTML based on a page in the Description: ásks the ser for theirusername and password using a foating q 
BeEF wiki [4] (Listing 1). 

Listing 1 loads the hook. js JavaScript ho B 
file to snag a browser. Once the page is 
visited, the browser is hooked and BeEF | Gialog Type: Linked hn e 
has control. | 

P'm going to save the contents of | Baehorg rey dl 
Listing 1 locally to a file called 


SS ; | Custom Logo http:1010.0,0,0:3000/W'medialiÍmages'beef pra 
hook-Tine-and-sinker.hitml and load it | (Generic onty) 


in my browser, as shown in Figure 6. | AA == 
Again, the browser is showing as Figure 7: Petty theft configuration. 
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Figure 9: Another petty theft 
option in action. 


interval. The default setting will take 20 
pictures, 1 picture per second.” 

Once the user has been convinced to 
click the Allow button, a JPEG image is 
saved. Itis also possible to adjust the 


Figure 8: Social Engineering with an authentic-looking login pop-up. 


Figure 8 shows the resulting pop-up 
in my Firefox browser. As you can see, 
a fake login screen asks the user to 
supply their email and LinkedIn 
password. 


explains, “You can customize how many 
pictures you want to take and in which 


| Fable Flash LUpcare | 


Descipioo; Propia he use do install an update do Adobe Flash Player rom de specited LIRL. 
What happens if I pretend to log in 
now? I click on the middle pane in the bl: =0 
BeEF Ul under Module Results History, 
enter my credentials, and the following ci Mip/10.0.0.03000/adobeMash_updala.prg 
text appears: Payioad LIE htipaoMácmain Hd 


Figure 10: The Fake Flash Update module. 


data answer:chrisfdomain.tld: 2 


nothingtoseehere 


In this case, BeEF captured my email 


address and LinkedIn password. If you 
are a frequent user of online services, 
are you worried yet? There's also an au- 
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thentic-looking Facebook pop-up, as 6h ao GA SAP 
shown in Figure 9. BeEF also provides a 
module for phishing Google credentials 


with a fake Gmail login page [5]. 


Didi cs hortera... 


* Thelop 10 Facebook gamas 159 ha Fast Player. To 500 mom, 
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+ Mos ol ha top video sdes on ho ob me Flash Pleper 
Fake Flash «Flash Plieyor la inataled ón over 1.9 biien bonreciód PCa 
Now Pl try another worrying piece of 
functionality that could cause the vic- 
tim all sorts of problems. Select Social 
Engineering | Fake Flash Update to ac- 
cess the Fake Flash Update module (Fig- 
ure 10). Enter a URL for the payload in 
Figure 10, and the INSTALL button 
shown in Figure 11 pushes the user to a 
URL of your choice. 
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Figure 11: The resulting pop-up that the user sees. 


Fako HNotificaños Ear (Eiredoa]) 


You're Barred 

What about popping up a fake add-on in- 
stallation bar? Figure 12 shows the config- 
uration side and Figure 13 is what Firefox 
shows the user. You can point the Install til 165 
plug-in? button to any URL you wish. 
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BeEF can also take control of a user's 
webcam via the browser. The module 
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persuasive text that appears in the pop- 
up in order to succeed with a button 
click. The configuration is shown in Fig- 
ure 14 and the resulting pop-up is in Fig- 
ure 15. Luckily for me, Firefox didn't 
have a Flash plugin enabled. 


Conclusion 

The piece de résistance of an attacker”s 
route to compromise is to take full con- 
trol of a user's machine by injecting a 
relatively tiny bit of JavaScript into a 
webpage. BeEF allows you to integrate 
the Metasploit pen-testing framework 
to deliver a payload that will escalate 
privileges after the browser is hooked 


(which could be the subject of a later 
article). 

T hope I have covered BeEF with 
enough clarity to make you think about 
how you will use the web in the future. 
BeEF uses JavaScript to set its hooks. 
This article should give you new insights 
into why many browsers have settings 
that limit JavaScript execution, but don't 
get complacent: One setting won't fix ev- 
erything. Intruders have many ways to 
attack a browser, and browser attacks 
are forever evolving. It is therefore im- 
perative to ensure that you are using the 
latest version of your browser of choice. 
That way, the patches and security 


Figure 13: The resulting installation bar. 
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Figure 14: The webcam configuration in BeER. 
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Figure 15: The resulting persuasive webcam pop-up. 
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improvements are more likely to mitigate 
the effects of such attacks. 

T know that 1 will be thinking twice be- 
fore clicking on a dubious-looking link in 
the future. Such attacks affect all brows- 
ers. If you still not convinced, recent re- 
ports on the malicious Cloud9 extension 
will give you a new awareness about the 
security issues facing even the normally 
bullet-proof Google Chrome [6]. The BeEF 
website [7] offers a more graphical look at 
BeEF, with a useful YouTube video and a 
number of links to other sources. MMM 


Info 


[1] More than Half of Browser Extensions 
Pose Security Risks: 
https://www. darkreading.com/cloud, 


study-more-than-half-of-browser 
extensions-pose-security-riskg 


[21 Understand Browser Sandboxing and 

Test on It: https://www.browserstack. 

com/guide/what-is-browser-sandboxing 

[3] BeEF at GitHub: 
https://github.com/beefproject/bee 

[4] BeEF Configuration: 

https://github.com/beefproject/bee 

wiki/Configuratio 

[5] BeEF Google Phishing Module: 
https://github.com/beefproject/beef, 
wiki/Module:-Google-Phishind 

[6] Malicious Extension Lets Hackers 
Control Google Chrome Remotely: 


https://www.bleepingcomputer.com, 
news/security/malicious-extension 
lets-attackers-control-google-chrome 


remotely 


[71 BeEF Project: |https:/beefproject.co 
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most convenient and cost-ef- 
fective tool for individuals to 
use to access the latest neural 
processing unit (NPU) artificial intelli- 
gence (Al) accelerating hardware. Due 
to its high cost and lack of availability, 
it is hard for a freelance developer to 
justify acquiring one of the now fa- 
mous (and infamous) NVIDIA A100 [1] 
Ampere cards with tensor processing 
units, with costs running into the tens 
of thousands of dollars and the cards 
destined for inevitable obsolescence as 
the newer Hopper (NVIDIA H100) [2] 
units arrive (as I am writing, I can see 
A100s advertised for $1.29/hour by a 
cloud vendor). The economic choice is 


Figure 1: Edge Al accelerators in the lab (from left to 
right): Raspberry Pi Al Kit, Google Coral USB, and 


NVIDIA Jetson Nano (Maxwell). 
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ublic clouds are doubtlessly the 
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Edge Al acceleration with Raspberry Pi 


Attordable Al 


Raspberry Pi enters the artificial intelligence accelerator fray 
with a low-cost solution. By Federico Lucifredi 


easy: Develop the code offline and 
only then provision a souped-up cloud 
instance for the actual training or in- 
ference task. 

Low-cost development strategies 
comprise Google's Colab [3], a hosted 
Jupyter Notebook environment provid- 
ing free access to GPU and TPU 
(Google's own Al chip) resources for 
research and learning, or purchasing 
older accelerators being sold second- 
hand at heavily discounted prices 
(with varying degrees of residual use- 
fulness). At the Dragon Propulsion 
Laboratory, we are partial to another 
strategy: edge Al accelerators. De- 
signed to enhance devices at the edge 
of the network, this class of chips is 
both low in 
power demands 


— a =] 


and affordable cost-wise, as well as 
worth understanding in its own right 
(Figure 1). 


First Look 

The Raspberry Pi Al Kit just became 
available, giving me the opportunity to 
present a first look at what promises to 
be a very interesting new entry in the 
edge accelerator class. The Al Kit con- 
sists of the standard Raspberry Pi M.2 
HAT + daughterboard and a Hailo-8L 
Al accelerator. Connections to the host 
Pi 5 board run through the GPIO pins 
and a dedicated ribbon connector, re- 
sulting in a single-lane PCle 3.0 con- 
nection with 8GBbps of bandwidth 
(Figure 2). Rated at 13 Tera Operations 
per Second (TOPS) of inference perfor- 
mance, the accelerator should offload 


Figure 2: Raspberry Pi 5 Model B next to the Al Kit's 
M.2 and accelerator boards (the Pi 5 and Pi 3 have 


the same port layout). 


Lead Image O robsnowstock, |23RF.com 


Figure 3: Installing the Raspberry 
Pi 5 is the easy part. 


the Pi's CPU entirely of neural network 
execution, leaving it free to respond to 
its results, as hinted by object recogni- 
tion, segmentation, and tracking 
demos showcased in the launch an- 
nouncement [4]. 

At $70 retail, the AI Kit compares well 
to the older Google Coral USB Accelera- 
tor [5] powered by a Google TPU chip 
running at 4 TOPS and presently priced 
at $59.99. Itis also in line with the 
price-to-performance of the 21-TOPS 
NVIDIA Jetson Xavier NX (8GB, $685) 
[6] when the cost of the SBC and other 
parts are included in the tally. Another 
interesting comparison is with the Apple 
A15 system on a chip (SoC) found in the 
iPhone 13, which can offload 15 TOPS. 
The much pricier NVIDIA A100 delivers 
1248 TOPS, but context matters here: 
These edge accelerators are meant for 
inference, not model training, because 
vendors now expect developers to get 
started (and in most cases succeed at 
their task entirely) with pretrained neu- 
ral models. Specifically, computer vision 
models are the ones most likely to be in 
use with the Al Kit, as they match well 
with the hardware's capability, rather 
than the generative models making the 
headlines with their text, image, or 
video creations. 


The Build 


Regular readers know I am partial to 
the Seeed Studio re_computer [7] cases 
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Figure 4: GPIO extensions and long 
standoffs make room to sandwich 
a CPU fan in our assembly. 


for SoC work, and indeed you can see 
one in Figure 2. For edge accelerator 
devices, however, I prefer to use the 
less developer-friendly (and more rug- 
ged) cases made by Swedish firm KKSB 
[8]. The access may be limited to the 
SBC ports rather than the full board 
and pin-out, but these powder-coated 
steel cases protect devices from the 
abuse of moderately mobile day-to-day 
work better than any high-access 
benchtop solution could (and they look 
great!). The KKSB Pi 5 case includes 
headroom for a HAT expansion, space 
that the Al kit absolutely requires. 
Assembly is not as simple as one 
might expect, due to the number of lay- 
ers and connec- 
tions involved. 
Assembly begins 
by securing the Pi 
5 to the case 
using standoffs, 
as shown in Fig- 
ure 3. With multi- 
ple standoff 
lengths provided, 
I selected the lon- 
gest and installed 
two extensions for 
the GPIO bus to 
raise the accelera- 
tor all the way to 
the top of the 
Case, stretching 
the PCIe ribbon 


connector to its limit (Figure 4). The 
M.2 HAT+ comes preinstalled with a 
Hailo-8L board and no further assembly 
is necessary. The next step is to install a 
CPU fan (Figure 5) - the official active 
cooler is both cheap and effective, and 
it is an absolute requirement for CPU 
intensive tasks. The only recourse a 
pegged processor has against over- 
heating is to slow down its clock speed, 
something we want to avoid in a CPU- 
bound Al system. 


Lights, Camera, Action! 

A ribbon cable bridging standard con- 
nectors with the mini interface found 
on the Pi 5 is also required, because 
the ribbon cable included with the Pi 
camera itself will not match the new, 
smaller interface. Another important 
consideration is the use of the Global 
Shutter Camera introduced last year. It 
Captures images up to 1456x1088 reso- 
lution while avoiding the distortion arti- 
facts produced by rolling shutter cam- 
eras - video input destined for process- 
ing by machine learning algorithms 
should be free of the rolling shutter 
artifacts that our human vision system 
cancels out during viewing. Finally, 
the camera itself needs a case and 
holder to protect and support aiming it 
(Figure 6), while the complete assem- 
bled system (see Table 1 for the parts 
list) can be inspected from all sides in 
Figure 7. 

The Hailo-8L is powerful enough to 
permit concurrent scheduling of the 
computer vision algorithm on the 
NPU with the task responding to its 
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Figure 5: Adding the camera connector and active 
cooling “snap-on” fan. 


IN-DEPTH 
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results retaining almost full use of the processing the output of two cameras, integration and ecosystem is precisely 
CPU. It also becomes possible to or performing multiple classification what we will examine next month - 
schedule multiple neural networks on a single video stream. Software stay tuned! MER 


Info 


[1] NVIDIA A100:[https:/www.nvidia.com] 15] Google Coral USB Accelerator: [attps:] 
Center/a 100/pdf/nvidia-a 100 

= [6] Jetson Xavier NX: 
121 NVIDIA OO: 


lcom/en-us-tensor-core/nvidia-tensor: - 
jlautonomous-machines/embedded.: 

lcore-gpu-datasheef - - - 
Isystems/jetson-xavier-series, 


[3] Google Colab: Ihttps://colab.googlg 


, . : [7] Seeed Studio re_computer case: 
[4] “Raspberry Pi Al Kit available now at - 
$70” by Naush Patuck, [https:/www] 
jai-kit-available-now-at-70, [8] KKSB cases: [https:/Kksb-cases.coml 
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Federico Lucifredi (W0xf2) is the Product Management Director for Ceph Storage at IBM 
and Red Hat, formerly the Ubuntu Server Product Manager at Canonical, and the Linux 


Figure 6: A tripod and case are the “Systems Management Czar” at SUSE. He enjoys arcane hardware issues and shell- 
final practical considerations for scripting mysteries and takes his McFlurry shaken, not stirred. You can read more 
the camera. from him in the O'Reilly title AWS System Administration. 


Figure 7: The complete assembly from all sides. Note reset button and hanging screw holes. 


Table 1: Parts List 


Raspberry Pi 5 8GB $80 
Raspberry Pi Al Kit for Pi 5 $70 

KKSB Case for Raspberry Pi 5 and expansion HAT $20.90 

Official Raspberry Pi 5 Active Cooler $5 

Raspberry Pi Global Shutter Camera Kit + Tele- $125 https: //wuww.canakit.com/raspberry-pi-global-shutter-camera-kit.htm 


scopic and Wide Angle Lens 


Raspberry Pi 5 Camera Cable, 200mm $1 https: //www.canakit.com/raspberry-pi-5-camera-cable.html 
Camera case and holder $19.90 https: //wuuw. amazon. com/dp/BB8CTNIHCFY 
Total cost $321.80 
LT] 
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Share Go code on GitHub 


Go Code on GitHub 


Give, Don't 


Take 


Go makes it easy to bundle universal code into a package and 
share it with the world on GitHub. Mike Schilli explains the 
tricks and how to avoid the pitfalls. By Mike Schili 


ttentive readers of this column 

will have noticed that the Go list- 

ings covered here often reference 

packages on GitHub, which the 
Go compiler picks up from there and inte- 
grates into the binaries as libraries. But 
you can't always take, take, take. Instead, 
let's contribute back! How hard could it 
be to write your own code and share it 


Listing 1: yttop.go 


with the world on GitHub? Then pro- 
grammers near and far can use it, saving 
them the time they could otherwise use 
to sing the originator's praises. 

By way of an example, a simple package 
that allows a Go application to store the 
passwords and API tokens it uses in an ex- 
ternal file would be useful. These strings 
should never be part of the code, and not 


just because the listings are printed here in 
the magazine. Hard-coded strings are also 
frowned upon in production releases, be- 
cause the code is usually openly available 
in a GitHub repo and automatic installa- 
tions like to roll out binaries and secrets 
separately - just as if the user were config- 
uring them manually after installation. 


01 package main WithAPIKey(apiKey)) 
02 27) videoIDs := make([]string, 0) 
03 import ( 28 call := service.Search.List([]string(["id")). 
04 "context" ChannelId(channelID).MaxResults(5).0rder("viewCount") 
05 "Emt" 29 resp, err := call.Do() 
A A 
06 ["EXRUD-TONASOI/ A a 
" : n " 
07 [eoo8legoleng.ore/api/option” el log.Fatalf("Error making search API call: %v", err) 
08 32 ] 
09 33 
0) 34 for _, item := range resp.Items ( 
a 35 if item.Id.Kind == "youtubeftvideo" ( 
36 j IDs = ji ID: j .Id.Videold 
12 func main() (1 videoIDs = append(videoIDs, item ideold) 
Sí 
13 m := murmur.NewMurmur() ¿ 
38 ) 
4 
E , 39 
His; apiKey, err := m.Lookup("youtube-api-key") 
A Ñ 40 videoCall := service.Videos.List([]stringí"snippet", 
16 ds oa O y 
"statistics")).Id(videolDs...) 
Y i 4 a 
panic(err) 41  videoResponse, err := videoCall.Do() 
S j 42 if err != nil [ 
me 43 log.Fatalf("Error making videos API call: %v", err) 
20 channelID, err := m.Lookup("youtube-channel-id") ya y 
A Pa 
21 a cas e anal 45 
za panic(err) 46 for _, item := range videoResponse.Items ( 
28 j 47 fmt.Printf("%6d %.40s (%s)In", item.Statistics. 
24 ViewCount, item.Snippet.Title, item.Id) 
25 ctx := context.Backgrouna() 48 ] 
26 service, err := youtube.NewService(ctx, option. 49 j 
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Listing 2: murmur.go 
01 package murmur 
02 
03 import ( 
04 MemE" 
05 gopkg 
06 too uta 
07 "os/user" 
08 "path" 


o 
[do] 
=u 


const Version = "1.0.1" 
// Read secrets from a .murmur YAML file 


type Murmur struct ( 
FilePath string 


const StoreFileName = ".murmur" 


O AS A A NS 


(19) 
o 


// Create a new instance 


[19] 
p 


func NewMurmur() *Murmur ( 


[19] 
(19) 


return €Murmur(j 


DDN DN 
dad e. 
— 


// Set the .murmur file path manually 


(19) 
0) 


func (m *Murmur) WithFilePath(path string) *Murmur ( 


[19] 
A 


m.FilePath = path 


28 return m 


31 func homePath() (string, error) Í 

32 u, err := user.Current() 

33 if err != nil ( 

34 return "", err 

35 J 

36 Pp := path.Join(u.HomeDir, StoreFileName) 


37 retuernsos adi 


Take a look at the sample application 


Soft Murmuring 


38 ) 

39 

40 // Look up a .murmur key by name and return its value 
41 func (m *Murmur) Lookup(name string) (string, error) ( 
42 if len(m.FilePath) == O ( 

43 path, err := homePath() 

44 if ere l= nl 1 

45 return "", err 

46 j 

47 m.FilePath = path 

48 3 

49 


50 dict, err := readYAMLFile(m.FilePath) 


[al af ere Sa 

52 return erre 

53 ) 

54 pass, ok := dict[name] 

55 sia Moa 

56 return "", fmt.Errorf("No entry found for %s", name) 
Bro TE 

58 return pass, nil 

EE TE 

60 


61 func readYAMLFile(path string) (map[string]string, error) 
1 


62 data := make(map[string]string) 


63 

6u4 raw, err := ioutil.ReadFile(path) 
65 ví ere = nu 1 

66 return data, err 

67 $ 

68 

69 err = yaml.Unmarshal(raw, data) 
70 Aereas 

AL return data, err 

ma y 

iS return data, nil 

e 


go-murmur path to do so. This procedure 


shown in Listing 1, for example. It de- 
termines the five most frequently 
viewed videos on a YouTube channel 
and requires a secret API key and a 
channel ID to do so. Instead of keeping 
strings with secret data in the code, 
the code calls the Lookup() function 
twice. It reads a string for the specified 
keyword from an external humanly 
readable file (in the example, "you- 
tube-api-key" and "youtube-chan- 
nel-id') and returns the results to the 
application. 


| icutube-api-key: AlzbrxDaruBParTyén]_JRTISOTS Wa ro TH 
¡Poutube-charnel-1d: UC4UNBDTS:yiHcO FAS rival 


| 
] 
1] 


"sosursur” [Modified] [readonly] 2 Lines —1804— Eh - : : . 
Figure 2: An application determines the five most 


The useful Lookup() utility function is 
part of a newly created Go package that 
programmers all over the world can inte- 
grate directly into their Go code from my 
public GitHub account. Because it's gen- 
erally unwise to announce secrets loudly 
- at best you would want to whisper or 
mumble - let's call the package murmur. 

The package is object-oriented. The 
application from Listing 1 calls the mur- 
mur . NeuwMurmur () constructor in line 13. 
Line 6 retrieves the package from GitHub 
using the URL with the mschi111/ 


[ 
4, lyttop 


follows the convention that GitHub 
repos containing Go packages always 
start with go-*. Internally, however, the 
package defines its name as murmur, not 
as go-murmur. Its implementation in List- 
ing 2 shows how this works. 

For the generated m object's Lookup() 
method to find the secret for a key such 
as "youtube-api-key", it needs to locate 
the YAML file from Figure 1 in which the 
keys point to secrets. Normally, the file 
named .murmur is located in the user's 
home directory. But you can specify an 


48592 Rio Portable Beach Shelter Assembly Inst [2q9thi? Res) 
24088 UPS Battery Replocesent Tripp-Lite SHART [UFWi_4sH4tE) 


15853 Original Bavarian pretrels rade at horse |1PGGU3Kepru) 
2223 Assoving center console Fonda Fit 2811 + (bliWoCrinaca) 
B662 La Crosse DC-704 BL-94889 fia chorging co [rgaalsricCAD) 


¡E 


Figure 1: Secrets hidden in the murmur file. 


popular videos on a YouTube channel. 
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go: finding modula for package github. compaechill 190-urmur 

go: finding module lor package 90001e.90la99. org api top ion 

go: finding module tor package gopkg.in/yami. vz 

go; finding module for psckege 3009.90 lag. org api youtube 

go: found pithub. com trono aura dea girhub. comercio arm 41.04.08 
goi found poople.golang.org'apifoptica in gpoople.golang.erg/lapl vb. 145.0 

go: found 5009le.901003.0rg4p1/youtebe/y3 in google.go lar. orgréapl 40.185,0 
go: found gopkg.inéyoml.v2 in popkg.infyaml. vi 42,4,.8 


$ qe build yttop.qo 

¡H La -L yttop 
-Miar-r-a 1 aca 
E 


srafT 


10150096 Jim 21 11:47 yttop 


Figure 3: Go retrieving the homemade murmur package from GitHub. 


alternative search path in the construc- 
tor, as I will show later. 


Channel Hit Parade 

The rest of Listing 1 for fetching the five 
most popular videos from my YouTube 
channel is a typical case for the YouTube 
APT. Line 8 retrieves version 3 of the offi- 
cial library, not from GitHub this time, 
but from the Google folks at[goTang. org] 
Line 28 creates a new service object for 
communication with the YouTube API 
server and passes the API key previously 
retrieved from the YouTube Developer 


Listing 3: murmur_test.go 
01 package murmur 
02 
03 import ( 


04 "testing" 


07 func TestLookup(t *testing.T) f 


08 mur := NewMurmur().WithFilePath("data/murmur.yaml") 


09 

0 name := "foo" 

TL Pp, err := mur.Lookup(name) 

2 aferre = ni 

3 t.Log("name", name, "not found") 
4 t.Fail() 

so) 

6 

7 TE Dl Ubarid 

8 t.Log("name", name, "p", p, 
9 t.Fail() 

20 J 

21 

22 name = "nonexist" 


243) p, err = mur.Lookup(name) 


24 VÉ err == nil 1 

25 t.Log("name", name, "found") 
26 t.FailO) 

a Y 

28 ) 
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"mismatch") 


Console and stored in the Murmur file. With 
it, the server knows who it is dealing with 
- it refuses to talk to strangers. How to ob- 
tain an API key for developers and a You- 
Tube channel's channel ID was the subject 
of an earlier Snapshot column [1]. 

The Search.List() function in line 28 
lists the five videos specified as MaxRe- 
sults for a given YouTube channel based 
on its channel ID. It sorts them by their 
"vieuCount" (i.e., their popularity). In 
most cases, there are exactly five hits 
coming back. The for loop starting in 
line 34 iterates over the list putting the 

IDs of the videos it 
finds into the vid- 
eolDs array slice. 


%* go test Y 
=== RUN 


Because the hit list provides some data 
for each clip but does not return the view 
counts, line 40 passes on previously 
found IDs to another call of the List fune- 
tion. It uses "statistics" to retrieve You- 
Tube's visitor statistics collected for these 
videos. Armed in this way, the for loop 
starting in Line 46 outputs the top five list 
of the most successful videos in the chan- 
nel, including the number of users who 
watched the videos (Figure 2). 

In this issue, however, the focus will 
not be on YouTube, but on the murmur 
package, which is now available on 
GitHub. To build the yttop top five 
chart's binary from Listing 1, the stan- 
dard three-command build sequence will 
work as expected. Figure 3 shows how 
go mod tidy finds and fetches version 
1.0.0 of the package from GitHub. The 
Go compiler links all the bits together. If 
you call the fully compiled yttop pro- 
gram from the command line, it presents 
the list of the channel's most successful 
videos as desired. 


Do-It-Yourself 
So, what does my murmur DIY package 
library look like? And how does it end 


TestLoakup 


== PASS: TestLookup 18.005) 


PASS 


ok github.comfrachill4/go-nurnur 


5 


8,1935. 


Figure 4: Running the test suite for the new package. 


$ yo doce —alll pithúb. cor machi 11490 reur 
package murear ¿1 deport "gitbub.com machi L11 go sra r” 


CONE TIMTS 


const 5toref li Lehame 


=*,marsur” 


const Weraion = "1,4,1* 


TPES 


type Murmur sirmct A 
FileFath string 


1 


Read secrets from a ¿¡murear VRML file 


fune Mesturmurd) «Murmur 
Creste a nee instance 


fune (m «Murmur) Loosupinase string) [stelng, error) 
Look up 4 mrsur key by ajae and retura 414 value 


fune (e Húurmurb MithilePathipath Stringl| =Aurmur 
Sot the .surmur File path manually 


i 


Figure 5: Automatically generated documentation 


for the package. 


Listing 4: murmur.yaml 


foo: bar 


some-key: "Quoted!" 


up on GitHub so that developers who 
call go mod tidy can find it and include it 
in their code? The NeuMurmur() construc- 
tor starting in line 21 in Listing 2 creates 
a structure of the Murmur type and returns 
a pointer to it to the caller. The pointer 
then acts as an object for the method 
calls that follow. 

Assigning parameters to a constructor 
(e.g., the path to the .murmur file) is not 
standardized in Go and cannot be solved 
cleanly using variable parameter lists due 
to strict typing. The DIY murmur package 
decides to define the constructor without 
parameters and to offer an optional Nith- 
FilePath() function (starting in line 26) 
for the object. This sets the path to the se- 
cret file as a string in the object structure. 
The modifier itself returns a pointer to the 
object structure so that several modifiers 
can be chained later. 

If the Lookup() method from line 41 de- 
termines that the user wants to retrieve a 
value, but no path is available yet, it 
searches the home directory for a file 
named .murmur and reports an error if it 
cannot find anything there. This only 
happens on the first call; from then on, 
the path is set in the object structure. 

Starting in line 61, readYAMLFi1le() 
(lowercase, because it is not exported) 
reads the JSON data from the file into a 
data structure of the map type. Line 55 
checks whether the specified key is de- 
fined. If it is present, line 58 returns the 
matching value (i.e., the secret), while 
line 56 reports an error to the caller if the 
search is unsuccessful. 


Reassuring Tests 

So much for the hopefully useful new 
package. However, even experienced 
programmers rarely see whether a piece 
of code actually works. This is why a Go 
package offered on GitHub should al- 
ways come with tests that can be exe- 
cuted by calling go test on the com- 
mand line and which report either suc- 
cess or an error. 

To do this, Listing 3 defines a Test- 
Lookup() function (the Test prefix is 
mandatory) in the murmur_test. go file 
(the _test. go suffix is also mandatory). 
This function calls the constructor 
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NeuMurmur () and uses WithFilePath() to 
include the YAML file that resides in the 
test suite's data/ directory in the return- 
ing object structure (or actually a pointer 
to it). As you can see from Listing 4, the 
test data file has an entry for the foo key 
that points to the bar value. 

The test program in Listing 3 now 
checks for precisely this result in line 
17. If everything works, the test suite 
does nothing. If an error occurs, it re- 
ports this, and the Go test framework 
testing calls t.Log() to output the mes- 
sages that were sent but suppressed 
previously. This usually helps to isolate 
the error reported by t.Fai1(). Figure 4 
shows a successful case in verbose 
mode. Without -v, the test suite would 
complete without saying a word in case 
Of success. 


Tr 


E > 0 n= pá care 


O machi | po-raurrear 


Coda Lila | Pal rra 


É go rmurmrur + 


mi 11m A Taj 
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mu du 

Do arca 

O CHARGER má 

% Ai 

| Arabia . 
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A pamar 
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Even a simple test is far better than 
none at all, and the package developer 
can roll out new releases after future 
changes with a clear conscience, as long 
as the test suite still runs smoothly. 
What else does a Go library on GitHub 
need - documentation, perhaps? Noth- 
ing is more annoying than coming across 
an interesting Go package on GitHub 
whose author was too lazy to show how 
it works in detail. 

Go makes it easy for lazy coders: Lo- 
cating type definitions or functions in 
the code, Go interprets the comment 
lines above them directly as documen- 
tation and displays them upon request 
(Figure 5), along with the program 
structures automatically extracted from 
the source code. No more excuses for 
missing documentation! 


e A 
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So rar Por pde AUDE TO GO VAREL TEDEO Lara lts 


Homar bo Lise 


L Gl A rar. pá 
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Figure 6: The new Go package on GitHub. 
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type Murmur 


bppe Hurñar struct -1 
FilePwth string 
hi 
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fune PMuarrar)i WithFisPabk 
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Est a remo Md pat mania dy 


D Source Files 


A 


Figure 7: pkg. go. dev has indexed the package. 
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However, when you discover a package on GitHub, it is not 
yet available locally. This means that the standard call to go 
doc at the command line to let you view the documentation 
will not work as of yet. This is why a Go project on GitHub 
should always be accompanied by a README. md file (md for 
Markdown format) that explains the use of the package to 
curious visitors in an appealing way, preferably by reference 
to an example (Figure 6). 


Publication 

In addition to this, the pkg.go.dev website indexes all packages 
on GitHub that look like Go and breaks down the autogenerated 
manual pages in detail (Figure 7). To nudge the server towards 
picking up the package from GitHub, a quick visit to| https:// 


pgk.go.dev/github.com/user/repo tan be useful. However, the 


website insists that the project be accompanied by a valid li- 
cense in the form of a LICENSE file. For the new go-murmur proj- 
ect, I simply cut-and-pasted an Apache 2.0 license (Figure 8). 

To use the package in other Go projects, the GitHub repo must 
contain a go. mod file. The command sequence shown in Figure 9 
creates this for the package's author. In addition to the module 
name with the full GitHub path, the new go. mod file lists all pack- 
ages on which the module depends under the keyword require. In 
this case, go-murmur still requires the YAML package residing at 
[gopkg. ir]. Armed with this definition, the Go compiler creates a 
dependency tree later, fetching the packages required to bind the 
binary from the network in the right order. 

For users to be able to use the new package, the current ver- 
sion of the repository on GitHub must also be given a tag in the 
v1.2.3 format using git tag. This is how go mod tidy on the cli- 
ent side knows which version is currently available online and 
which one is installed locally. 

Incidentally, GitHub also offers the option of marking certain 
versions as Release on each repo's 
O .| homepage. But Go does not do anything 
with this; the compiler only looks at the 
Git tags in the repo. The Version con- 
stant in line 11 of Listing 2 is also only 
used for internal project management 
and is of no interest to the Go compiler. 


Catch 22 
But will the new library also work for 
o other users? Until changes have appeared 
on GitHub, a test program cannot down- 
load them from there. Running go mod 
tidy to clarify dependencies will not find 
go-murmur if it has not yet been uploaded 
on GitHub. Even with future maintenance 
releases, go mod tidy still finds the old 
version on GitHub and stores it in the 
local go. mod. This in turn causes a subse- 
quent go build to test the old version in- 
stead of the planned new release. 

This can be temporarily fixed by the 
replace keyword in go. mod, as shown in 
Figure 10. On the right-hand side of the 


Figure 8: A license file is required for pkg. go. dev to index the package. spaceship arrow (=>) you will see .., 
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15 go mod ánit github.com'nschilli/go-murmur 
lgos: creating new go.med: nodule github.com'msch11 1400-0604 rm r 
¡gos to add module requirenents and Ssums: 


| go mod táidy 
$ go mod tidy 


go: finding module for package gopkg.in'yaml. wz 
lgos found gopkg.infyaml.v2 in gopkg.infyaml.v2 v2,4,0B 


$ cat go.mod 


¡module github.com'mschill4/go-murmur 


¡go 1.22,4 


¡ESQUEEa gopkg.inyaml,. vi 2.4.0 
5 


Figure 9: The project needs a go. mod file. 


¡Module mtest 


lgo 1.22.4 


¡require qopkg.in¿yaml.v2 v2.4.8 £f indirect 


| 
["go.mod" 9 lines —114— 


Figure 10: The replace directive replaces the GitHub 


reference for local testing. 


which tells the compiler not to search 
GitHub later, or even use a GitHub ver- 
sion of the package that may have been 
previously downloaded. Instead, it will 
search for the package code locally in 
the .. directory, where the crafty Go de- 
veloper maintains the new version of the 
library. 


Cutting Out the Middle Man 
If you use git push to make changes to 
the source code on GitHub, you can't 


E git tag v1.0.3 
5 git push —tags 


replace g1thub.com'mschilld/'go-mormur => .. 


¡require github.com'mschilli'go=mrmur v1.8.8 


expect external 
clients such as the 
Go compiler to no- 
tice them immedi- 
ately. Instead, you 
should be pre- 
pared for a long 
wait, because sev- 
eral caching layers 
are at work here. 
It can sometimes 
take half an hour 
for all the changes 
to trickle through. 

It can happen that go mod tidy does 
not find the new version on GitHub, but 
insists on the old, locally installed ver- 
sion. This is often due to the fact that the 
Go compiler go does not contact GitHub 
directly, but uses an intermediary de- 
fined in the GOPROXY environment 
variable. 

This service is operated by Google's 
Go team and is intended to prevent 
millions of running Go builders from 
overloading GitHub with repetitive 


Total 0 (delta 0), reused O (delta 0), pack-reused O 
To github, com:mschilli'go-murmur. git 


* [new tagl 
$ 


“1.0.3 => wl ¿0,3 


Figure 11: Git tags pushed to the repository determine the release version. 
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requests. During the development of 
new versions, itis therefore important 
to switch off the middle man. You can 
do so by setting the environment vari- 
able GOPROXY=direct, which forces the 
Go compiler to search for new versions 
directly on GitHub instead of relying 
on the global proxy with its outdated 
information. 

Another trick that disables the buff- 
ering proxy for go mod tidy is manually 
upgrading the version listed in go.mod. 
This means that go mod tidy tries to get 
the newer version immediately and 
without a cache. 


Up It Goes! 

If everything is working according to 
plan, then it's time to push the files 
into the repository on GitHub using git 
push. In Figure 11, git tag sets the ver- 
sion of the new release locally. A sub- 
sequent git push --tags also pushes 
the tag to the repository on GitHub. 
From then on, hopefully countless 
users will rush to retrieve the code. Re- 
sponsible package authors keep their 
fan base excited by avoiding introduc- 
ing incompatible API changes from this 
point on, fixing any reported “issues” 
in a flash, showing gratitude, and 
being friendly in general. HEN 
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MASA Weather Station 


Figure 1: The weatherproof sensor by Bresser 


transmits data wirelessly. 
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Maker>pace 


Process data from a 


weather station with Linux 


Weather Outlook 


A DVB-T stick retrieves information from a professional 
weather station and stores it in a database for downstream 


processing. By Martin Mohr 


f you frequently check the daily 
weather forecast, having your 
own weather station might be a 
good thing. However, profes- 
sional devices are expensive, and they 
also mean that the amateur meteorolo- 
gist is locked in to the display panels 
of the weather station vendor. As a 
rule, it is impossi- 
ble to use the 
measured values 
in your own 
applications. 

The cost driver 
is not typically 
the sensors in the 
weather stations, 
but the display 

— a modules. A DIY 
solution could 
handle the mea- 
surement-only 
tasks, but the 
sensor 


ing 1: Installing from Source Code 


sudo apt-get install git libtool libusb-1.0-0-dev 
librtlsdr-dev rtl-sdr build-essential cmake pkg-config 


mkdir weather €g cd weather 


git clone[https: 
cd rtl_433/ 
cmake . 

make 


sudo make install 


github.com/merbanan/rtl_133.g81t 


technology must be energy-saving and 
weatherproof. This is not easy to im- 
plement in a DIY project and adds to 
the overhead and costs. As an alterna- 
tive, you could use the sensors of a 
professional weather station and draw 
on the data it provides for your proj- 
ect. In this article, I show you how to 
tap into the data stream of a weather 
station with a standard DVB-T USB 
stick, store the data in a database, and 
visualize it with Grafana [1]. 


Hardware 

First of all, you need a sensor (Figure 1) 
suitable for your weather station project. 
Sensors like this are available for rela- 
tively little cash. I used a 5-in-1 outdoor 
sensor by Bresser [2] for around EUR8O. 
The price and features can vary, and 
similar sensors with more features can 
be obtained at a lower price; it might be 
worth doing a little research. Bresser 
seems to restrict shipping to Continental 


Modifying Udev 


The rt1_433 software accesses the 
DVB-T stick via USB. That will nor- 
mally require root privileges, unless 
you explicitly allow a normal user to 
talk to the device files. You can create 
a configuration file that grants access 
rights for the specific device. These ac- 
cess rights can be managed in a very 
granular way. In our case, we just need 
to set up authorizations for all devices 
by one vendor. This is done using the 
unique vendor ID (idVendor). 

The 1susb command offers a quick way 
to determine this identifier: It lists the 
names and IDs of all the USB devices 
on the bus. For the stick that | have 


Listing 2: 60-DVBT-Stick.rules 


$ echo 'SUBSYSTEMS=="usb", ATTRSfidVendor]=="0bda", MODE:="0666"' 
etc/udev/rules.d/60-DVBT-Stick.rules 


$ sudo udevadm control --reload-rules 
$ sudo service udev restart 


$ sudo udevadm trigger 


Listing 3: Creating the Database and User Account 


$ sudo apt install mariadb-server libmariadb3 libmariadb-dev 


$ sudo mariadb 
Welcome to the MariaDB monitor. 


Your MariaDB connection id is 31 


Commands end with ; or Mg. 


used in this project, the output is Bus 
003 Device 0611: ID O6bda:2838 Realtek 
Semiconductor Corp. RTL2838 DVB-T, and 
it contains the manufacturer ID (8bda) 
and the model ID (2838). 


To assign the authorizations, you first 
need to create a suitable file in the folder 
/etc/udev/rules.d/ working as root. The 
file name must follow the convention 
used and clearly state what function the 
file has. In my example, | named the file 
60-DVBT-Stick.rules. The first line of List- 
ing 2 shows the entries required for all 
users to be able to access devices by this 
vendor. To enable the rules without re- 
booting, use the commanads in Listing 2. 


| sudo tee / 


Europe - the Acu- 
Rite Iris 06014 
PRO+ [3] is a sim- 
ilar product that's 
available from 
Amazon. 

The Bresser 


Server version: 10.6.16-MariaDB-Oubuntu0.22.04,1 Ubuntu 22.04 


lesa] 


MariaDB [(none)]> CREATE DATABASE Bresser; 


Query OK, 1 row affected (0.000 sec) 


MariaDB [(none)]> GRANT ALL ON Bresser.* TO 
'dbuser'0M'localhost' IDENTIFIED BY 'PaSsWoRad!''; 


Query OK, O rows affected (0.001 sec) 
MariaDB [(none)]> FLUSH PRIVILEGES; 
Query OK, O rows affected (0.001 sec) 
MariaDB [(none)]> CONNECT Bresser; 
Connection id: Sel 


Current database: Bresser 


MariaDB [Bresser]> CREATE TABLE measurements(id INT auto_ 
increment NOT NULL, PiT DATETIME NOT NULL, id_sensor INT 
NOT NULL, battery_ok INT NOT NULL, temperature_C FLOAT 
NULL, humidity FLOAT NULL, wind_max_m_s FLOAT NULL, wind_ 
avg_m_s FLOAT NULL, wind_dir_deg FLOAT NULL, rain_mm FLOAT 
NULL, CONSTRAINT Bresser_PK PRIMARY KEY (id)); 


Query OK, O rows affected, 1 warning (0.006 sec) 


MariaDB [Bresser]> exit 


Bye 


sensor measures 
the temperature, 
humidity, wind 
speed, wind di- 
rection, and pre- 
cipitation. It 
transmits on a 
frequency of 868 
MHz; other de- 
vices use 433 
MAz. During the 
installation, you 
need to point the 
sensor north and 
mount the sensor 
vertically. A 
small spirit level 
integrated in the 
housing and a 
marking on the 
sensor for north 
will help you 
with this. 

To access the 
data stream that's 


Weather Station MINSA 


generated by the sensor, l used a stan- 
dard DVB-T USB stick that is intended 
to receive digital radio and television 
signals via terrestrial channels. The 
stick has to support Software Defined 
Radio (SDR). It is also important to en- 
sure that it is based on an RTL2832 
chipset. My project uses the no-name 
820T2 Digital USB 2.0 [4] TV stick for 
around EUR27; Amazon lists a very 
similar-looking item for $36 [5]. 


Software Setup 

You can install the required software 
without any trouble (except for one in- 
consistency) on a recent Ubuntu system. 
The command 


sudo apt-get install rtl-433 


installs the software on the system. Dur- 
ing the installation process on my own 
computer, the program was not correctly 
added to the system's search path, but it 
was still possible to work with it using 
the absolute path. 

If you encounter similar problems, 
the alternative is to build the software 
from the sources. The commands re- 
quired for this are shown in Listing 1. 
The code in the GitHub repository is 
more up-to-date than the version that 
you can install via the package man- 
ager, and in my tests it worked on the 
Ubuntu desktop on a Raspberry Pi 
without any problems. 

To check whether everything has 
worked, start a trial run after compiling 


by typing 
rtl_433 -f 868M -T 120 


If that gives you an error message, you first 
need to set the authorizations for the USB 
device. Detailed instructions can be found 
in the “Modifying Udev” box. To avoid the 
authorization worries for an initial test, 
you can use sudo just this once. 


Setting Up the Database 

I have used MariaDB to store the mea- 
sured values from the weather station. 
To install the database software, type 
the command shown in the first line of 
Listing 3. The following commands 
create a database (Bresser) along with 
a matching user account (dbuser). As 
the user can only access the database 
via localhost, the password does not 
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Figure 2: This is a sample view of 
how Grafana visualizes the 
weather data. 


Listing 4: Python Environment 
python -m venv bresser 
source ./bresser/bin/activate 
cd bresser/ 


pip3 install mariadb 


Listing 5: Saving Measured Values 


have to comply with strict security 
guidelines. In the newly created data- 
base, create a table named measure- 
ments for the data. 


Saving Data 

A Python script handles the task of 
storing the data transmitted by the sen- 
sor in the database. You need a library 
to access the database with Python; it 
can only be installed in a virtual Python 
environment. Use the commands from 
Listing 4 to set up the environment in- 
cluding the library. 

Now run the Python script from List- 
ing 5 in the environment. It executes 
the rt1_433 tool in a child process 
(line 5) and writes the received values 
into variables (lines 10-23); it then uses 
the variables to create an SQL com- 
mand (lines 27-30) that stores those 
values in the database. 


Automate with Crontab 

To regularly store the current mea- 
sured values in the database, you will 
need to run the script cyclically. You 
can use the Cron daemon on the 


Listing 6: Crontab 


%/5 RR 


Raspberry Pi to do this. It automati- 
cally executes the programs defined in 
the Crontab configuration file: That is 
where you define the times at which 
you want a program to launch. For our 
sample script, you can use the entry 
from Listing 6. To edit the Crontab, 
type crontab -e. A detailed description 
of how Cron works can be found in an 
older Linux Magazine article [6]. 

When saving the measured values, it is 
important to note that the data can occupy 
a large amount of space on the SD card 
over time. It is important to think about a 
strategy for handling the data. The easiest 
approach is to delete data after a certain 
period of time. Alternatively, you can cre- 
ate a daily data record containing a sum- 
mary of the weather data. 


Visualization 

Grafana is a useful platform for visualiz- 
ing your measured values. The tool's 
website gives you all the information 
that you need to setup Grafana [7] and 
then configure a data source (your SOL 
database) that will allow for data visual- 
izations as shown in Figure 2. 


/home/pi/wetter/bresser/bin/python /home/pi/wetter/bresser/bresser.py 


01 import subprocess 20 if "battery_ok" in values: 
02 import ¿son 2 battery_ok=values ["battery_ok"] 
03 import mariadb 22 if "humidity" in values: 
04 id="3229280" 23 humidity=values["humidity"] 
05 mesurements=subprocess.run( ['/usr/local/bin/ 24 try: 
rt1_433','-f868M','-T30', '-Fjson'], stdout=subprocess. 25 con = mariadb.connect(user="dbuser", 


PIPE) .stdout.decode('utf8').split('An') 


06 for line in mesurements: 


07 print(line) 


27 sql="INSERT INTO Bresser.measurements " 
08 if id in line: 
28 sql=sql+"(PiT, id_sensor, battery_ok, temperature_C, 
2) values = json.loads(line) humidity, wind_max_m_s, wind_avg_m_s, wind _dir _deg, 
o if "temperature_C" in values: rain_mm )" 
1 temperature_C=values ["temperature_C"] 29 sal=sql+" VALUES(now(), "+str(id)+", "+str(battery_ 
Ook)+", "+str(temperature_C)+", "+str(humidity)+"," 
a if "wind_max_m_s" in values: q Sue +, ( y)+", 
; y 30 sql=sql+str(wind_max_m_s)+", "+str(wind_avg_m_s)+", 
3 wind_max_m_s=values["wind_max_m_s"] X E a 
"+str(wind_dir_deg)+", "+str(rain_mm)+">);" 
Y if "wind_avg_m_s" in values: Sil cur ceca) 
5 wind_avg_m_s=values["wind_avg_m_s"] 32 con.commit() 
6 if "wind_dir _deg" in values: 33 con.close() 
7 wind_dir_deg=values["wind_dir_deg"] 34 except mariadb.Error as e: 
8 if "rain_mm" in values: 35  print(f"Error connecting to Database: (e)") 
9 rain_mm=values["rain_mm"] 36 sys.exit(1) 


password="PaSsWoRd! ", host="localhost", port=3306, 


database="Bresser") 


26 cur=con.cursor() 


Conclusions 

It has certainly impressed me that a 
standard DVB-T USB stick can retrieve 
data from a weather station. This data 
can be stored and processed in a data- 
base with relatively little effort. Things 
get really exciting if you use the mea- 
surements to control a heating system or 
blinds - ioBroker [8, 9] is one of the 
tools that enable such functionality. AMA 
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DVB-T stick (alternative): https://www.amazon.com/dp/B00P2U0OU7A 


Cron article: Bruce Byfield, “Scheduling Commands and Scripts”, Linux Magazine 
1225 (2019), 
https://www.linux-magazine.com/lssues/2019/225/Command-Line-at-cron-anacron 
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Requirements 


+» Air flow within the housing must be 
guaranteed. This is why | planned for 
large ventilation slots with space for 
the Active Cooler. 


» Access to the GPIO header must be 
possible without restrictions; the cut- 
outs in the case must be large enough 
to allow for this. 


+ The case has to offer enough space to 
accommodate a HAT. To ensure that 
the HAT and the cooler do not get in 
each other's way, the HAT is mounted 
vertically in the housing using an an- 
gled socket strip [5]. 

+ The backup battery for the RTC also 
needs a fixed location. 

+ The Raspberry Pi 5 has a connection 


for an external power button [6] that 
needs to be taken into account. 
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Raspberry Pi 5 Case 


* Makeropace 


3D print your own Raspberry Pi 5 case 


Nicely Packaged 


The official Raspberry Pi 5 case is not the perfect solution for 


all applications, so it makes perfect sense to design and 3D 
print your Own Case. By Martin Mohr 


he Raspberry Pi 5 offers many 

new functions. Unfortunately, 

the original case that is sold 

by the Raspberry Pi Founda- 
tion is too small to make full use of all 
the options. This starts with the GPIO 
header: The 40-pin plug is very awk- 
ward to connect. The lid does not close 
properly, and it covers the fan. The 
case itself is so tightly dimensioned 
that the factory-fitted fan struggles to 
circulate the air. Things get even more 
cramped if you use the Active Cooler [1]. 
Apparently no one considered the fact 
that the battery [2] for the Real Time 
Clock (RTC) also needs some space. All 
in all, a usable case needs to offer 
more space and offer some Openings 
for cooling. Ideally, it should be large 
enough to provide space for any Hard- 
ware Attached on Top (HAT) you 
choose to install. 

My plan was to develop a case to 
meet even the toughest requirements; it 
also had to be sufficiently flexible to 
cope with future requirements. The 
“Requirements” box summarizes the 
design goals and describes how I've 
dealt with some of the problems of the 
official case. I built the case myself 
using a 3D printer. To create the model 
for printing, l used Onshape [3], an on- 
line CAD program that is free for private 
use. Note that all models created with 


Onshape are publicly accessible. Video 
tutorials will help you familiarize your- 
self with the program [4]. 


Model 

Creating a 3D model is an iterative pro- 

cess that usually requires several at- 

tempts until everything fits as desired. 

Precise measurements are a great help 

here. Let's take a look at the data sheet 

(Figure 1) of the Raspberry Pi 5 [7]. We 

can take some measurements for our 

case from this, such as the space be- 
tween the mounting holes. But not all of 
the required dimensions can be found 
here; you will need a caliper gauge to 
determine the others. 

Next, it's time to consider the case's 
structure; in principle, it has to consist of 
a lower and an upper shell. The lower 
part houses the Raspberry Pi with all the 
general components such as switches 
and battery. The upper half can vary 
depending on the application: 

e Tf you want to use the Raspberry Pi 
without any components connected to 
the GPIO, a simple lid is sufficient 
(Figure 2). 

e If instead, you will be using the GPIO, 
the upper part of the housing needs a 
cable pass-through (Figure 3). 

e And finally, if you want to use a HAT 
or a separate circuit board on the 
GPIO, design the cover to be as tall 
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al 34.1 - 
Figure 1: An overview of the dimensions of the Raspberry Pi 5 (measured in millimeters). 
as needed, and add more cutouts if re- There are a few general points to phase, you also need to make sure that 
quired (Figure 4). As the HAT then oc-. consider when developing models for the 3D model matches the layer height 
cupies the space in which the button the 3D printer. It is advisable to pro- of the printer: Otherwise the 3D print- 
is located, it has to move to the upper vide some space between the housing out will not have the expected dimen- 
part of the housing. and the circuit board; 0.5 millimeters sions. Even in the age of CAD, it is ex- 
The two shells are designed to fit into will do the trick here. If the gap is too tremely useful to create a sketch on 
each other, and magnets glued in each small, you may not be able to remove paper first. When you mount the Rasp- 
half hold them together. the circuit board. During the design berry Pi board in the case, make sure 


Figure 2: If you do not need the GPIO interface, a Figure 3: You need an additional cable pass-through 
simple lid is fine. to use the GPIO. 
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sufficient height in the cover. 


that the case does not press on the 
built-in power button. 

If you have already mounted a heat 
sink on the Raspberry Pi, heat it up 
using a hair dryer to loosen the adhe- 
sive. The heat sink can then be re- 
moved with a gentle twisting motion. 
To be able to use an external power 
button, you first need to populate 
jumper JP2, which is located next to 
the USB-C socket. 


Active Cooler 

As already mentioned, the original 
Raspberry Pi 5 case is a little tight. 
That's precisely why 1 developed a cus- 
tom case. I wanted to be able to use 


= Pi5 Housing 


Figure 4: When using a HAT, you need to provide 


the Active Cooler 
without too much 
tinkering and 
without the GPIO 
cable obstructing 
the airflow. I've 
added an air in- 
take on the top of 
the case, so the 
warm exhaust air 
can escape 
through the large 
openings in the 
connectors. 

The opening 
will probably not 
have this effect in 
the tall case shell, 
but the warm air 
can escape from 
the case, which prevents heat building 
up. Using the Active Cooler offers other 
advantages in addition to improved 
cooling: The Raspberry Pi runs very 
quietly, and the WLAN/Bluetooth chip 
and the power supply are cooled as well 
as the CPU. 


Outtakes 

At this point, I want to share some of 
the failings in my early design at- 
tempts; the causes were mainly minor 
measuring errors and bad ideas. There 
were many issues with the holders for 
the magnets that hold the case half- 
shells together: They need to be flush 
with the edge of the case, but must not 
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be flush with the edge of the guide. 
Getting the various cutouts to fit to- 
gether perfectly also took several at- 
tempts. And there was a particularly 
annoying mishap related to the push 
button: Everything fitted together, but I 
was unable to turn the nut on the but- 
ton because the gap was one millime- 
ter too small. Failed attempts like this 
can cost you several hours of printing 
time before you can continue with the 
project. 


Conclusions 

Armed with the right software and a lit- 
tle practice, it's not that difficult to de- 
sign a case that is tailored to your re- 
quirements. Depending on which HAT 
you want to use, you may need different 
cutouts. You are bound to experience a 
few mishaps, but as we all know, we 
learn from our mistakes. 

You are welcome to adapt and develop 
the housing that 've developed to your 
needs; it is available on Onshape [8] 
(Figure 5). That way, you will gradually 
arrive at a customized solution that's 
perfectly tailored to your needs. 1 hope 
you will enjoy the process. 4MAB 


Info 
[1] Active Cooler: 


products/active-cooler) 
[2] RTC battery: [https://www. raspberrypi, 
om/products/rtc-battery) 


[3] Onshape: |[https://www.onshape.com, 

[4] Online training for Onshape: 
https://www.onshape.com/en 

[5] Angled socket strip: 
amazon.com/dp/BO7VK75P9, 

[6] Elegant power button: 
amazon.com/dp/BOC308KR7, 

[71 Raspberry Pi 5 data sheet: 

tips://datasheets.raspberrypi.com, 


pib/raspberry-pi-5-mechanical: 
[8] 3D models on Onshape: 
tips://cad.onshape.com/documents, 


17a3950be547a8f906a383a/w, 
0037e75844ffbff85c718c8/€/ 
ladd7138ddb5751a7c2768. 
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Proficiency at the command line is the holy grail for 
many Linux users Sure, the desktop looks nice, and it 
proves that Linux can be friendly and colorful like Windows 
and macoOS, but many advanced users would still rather 
be ata terminal window than clicking with a mouse. We 
do love our graphic file managers, though. Is there a 
command-line tool that can compete with Dolphin, Gnome 
Files, and the other desktop variants? If you're looking 
for a speedy and flexible text-based 

file manager with many of the 
conveniences of the desktop 
models, you'Il be interested to 
learn about a plucky terminal 
gem called Yazi. We'll get 
you started in this month's 
Linux Voice. 
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Doghouse - Real Values 

Jon “maddog” Hall 

A great part of early Linux was the 
fun — of programming, sharing, 
meeting others — and It's worth 
cultivating now. 


FOSSPicks 

Nate Drake 

This month Nate looks at COSMIC 
Epoch 1, Picker, Freeciv21, 
Flameshot, TextBin, Tuba, Proton 
VPN, and much more! 


Tutorial - Yazi 

Marco Fioretti 

This fast and flexible file manager 
offers command-line speed with 
some GUI-like conveniences. 
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Open Source 
Is more than tech 


Find jobs in sales, marketing, 
customer support, and more! 


opensourcejobhub.com/jobs 


looking for illustrations to use in articles. Most of these pic- 
tures reach back to 1994 and are arranged by date and the 
city or event where they were taken. 

As | went through them, | realized a couple of things. First of 
all, there were not only people that had slipped my memory, but 
even the event or city had been “forgotten.” The amazing thing 
about the human mind, however, is that you never really forget 
anything that you ever consciously do, so even though | had for- 
gotten about some of them, the pictures often reminded me of 
great times with great people. 

Free software was at the core of this. Throughout my lifetime 
(or at least from the time that | was a university student and 
finding out about computers for the first time) people sharing 
their skills and knowledge through their software has propelled 
my learning, my career, and my persona. People tried to help 
me, and | hope | have not only paid it back but also have “paid it 
forward” to others. 

Looking through the early pictures | was reminded how many 
of the people in the pictures were so young. When | first met 
Linus, he was only 24. Many of the others were still in university, 
so were of ages 18-21 for the most part. | was 44, and felt an- 
cient by comparison, but | was accepted into the community. 
Now | am 74, and Linus is no longer the university 
undergraduate. 

We had fun. Having conferences that were free to attend, held 
at universities where barefoot participants played Frisbee out 
on the lawns during lunch break, where speakers slept on the 
floor of apartments to save travel money. | remember when the 
first events told sponsoring companies that “You are allowed a 
table that is 8 feet by 4 feet” | remember IBM representatives 
almost crying and saying, “We do not have anything that can be 
shown on a table top, but IBM persevered and was embraced. 

There was the whole crisis around Linux not having a mas- 
cot, and while sharks, eagles, lions, bears, and even a platypus 
made their bids, the lowly penguin was chosen. Then the mad 
dash to draw the perfect penguin, a contest won by Larry 
Ewing, then a student of Texas AgM University. The choice of 
the name “Tux” came later. 

Tuxes appeared everywhere, because Tux was fun. You 
could dress Tux up in various suits of clothes and put them in 
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A great part of early Linux was the fun — of programming, sharing, 
meeting others — and it's worth cultivating now. syon "mapnoc"HALL 


The fun of open source 


Jon “maddog” Hall is an author, 
educator, computer scientist, 
and free software pioneer 
who has been a passionate 
advocate for Linux since 1994 
when he first met Linus Torvalds 
and facilitated the port of 
Linux to a 64-bit system. He 
serves as president of Linux 
International6. 


various situations. There were many breeds of penguins that 
could be “adopted” by distributions. My favorite was the African 
penguin, also known as the jackass penguin for its loud donkey- 
like call, as it reminded me of Steve Ballmer, a former CEO 
from Microsoft. 

| still remember the time | was at CeBIT, at that time the 
world's largest computer show, and a three-foot plush Tux 
penguin appeared at the top of a large booth. The next day 
there were five more Tux penguins in five different booths as 
the exhibitors realized that plush Tuxes were a way to draw in 
customers. 

Then there were the events, such as Linux Bier Wanderung 
a week-long event where people hiked and then set up a 
camp to do programming and enjoy each other's company 
(and of course beer). This event went on for 20 years until 
COVID-19 managed to crush it. 

Programming and learning about computers is fun for me, 
and | was happy to try and transfer that fun to other people. 
Unfortunately it seems to me that the corporate mentality 
has decimated some of the things that allowed the fun to 
exist. Conferences are a lot larger and more glitzy than the 
smaller “fun” events of the past. While some have reduced 
fees for students and (sometimes) hobbyists, the fees are 
often very high. 

Alot of the Local User Groups (LUGs) have disappeared, and 
the business plans around “open source” are more about get- 
ting contributions of code for closed source products than al- 
lowing the fun of the end user actually building the code 
themselves. 

Part of the fun, for me, was creating code that | could use my- 
self and made my life better. Later on it was about working with 
others to create code that both | and other people could use to 
make our lives better. 

This is not to say that the fun has disappeared entirely. Just 
as the jackass penguin is only endangered and not yet extinct, 
with a little loving care we can expand the fun or even totally 
bring it back. 

Several years ago President Lula of Brazil appointed Gilberto 
Gil, Brazil's greatest rock music star, as Brazil's Minister of 
Culture. Perhaps technology companies could have a person 
on staff as their Minister of Fun. aaa 
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FOSSPicks 


Nate explores the top FOSS including the last word in file 
“ compression, a superb Mastodon client, a Freeciv fork, and 
a random task selector. ey ware oraxe 


Desktop environment 


COSMIC Epoch 1 


ystem76 is one of a very 
select group of compa- 
nies that sell laptops, 


computers, and servers with only 
open source software prein- 
stalled. To this end, System76 
also bundles Pop!_0S on its de- 
vices. The distro is based on 
Ubuntu but traditionally has used 
a custom version of Gnome 
known as COSMIC. 

Aside from working with Sys- 
tem?76 hardware, one of Pop!_0S's 
biggest draws ¡is that it works out 
of the box with both NVIDIA and 
AMD GPUs. The latest version of 
the COSMIC desktop is now avail- 
able via Pop!_0S 24.04 LTS alpha. 


The System76 website also in- 
cludes instructions for installing 
the desktop environment in 
major Linux distros such as 
Fedora and Arch, but System?76 
is quick to point out that this is 
still in the testing stages, so you 
should only install on a spare or 
virtual machine (VM). 

Keen to take the OS for a test 
drive, | downloaded the latest 
Pop!_OS ISO and fired it up in 
VirtualBox. (For fellow VM users, 
note that | had to enable 3D 
acceleration to get it working). 
While the install failed, | was able 
to fire up COSMIC in “demo 
mode” to test out its features. 


1. Workspace switcher: Switching between workspaces works flawlessly, but 
there is some flickering. 2. Applications: COSMIC comes with a handful of pro- 
grams including its very own text editor. 3. Regional settings: Click here to 
switch between different keyboard layouts via COSMIC Settings. 4. Workspace 
settings: You can choose tiled/floating workspaces as well as view shortcuts. 
5. Notifications: Similar to in Gnome, you can click here to view or to toggle 
“do not disturb.” 6. COSMIC App Store: Categorized applications took time to 
load but installing works perfectly. 7. COSMIC Settings: Currently there are 
only six categories but they cover basic customization. 8. COSMIC Text Editor: 
This is suitable for basic notes but isn't ideal for heavy word processing. 
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Sparkling gems and new 
releases from the world of 
Free and Open Source Software 


From reviewing the install instructions, | noted that COS- 
MIC ¡is written in Rust. It uses the iced cross-platform GUI 
library and Smithay as building blocks for its compositor. 

The install instructions also note that the intention is to 
develop an entirely independent COSMIC desktop without 
any reliance on Gnome. For now at least, there are still 
some clear nods to the alpha's Gnome roots, such as Ap- 
plications and Workspaces shortcuts at the top left of the 
screen. While invoking workspaces, | discovered some 
COSMIC teething issues when the preview of the differing 
workspaces began flickering slightly. 

When writing about software for FOSSPicks, | try not 
to regurgitate anything already present in online reviews, 
but numbers of reviews have pointed out how quickly 
applications and locations now launch in COSMIC. 
There's also a consensus that the COSMIC Settings app 
is currently fairly basic, though you"! find all the impor- 
tant features. For instance, the Desktop section allows 
for easy configuration of the wallpaper, panel, and dock. 
Il was also able to use the Display section to switch from 
the default (1280x800 pixels) resolution to one more 
suitable for screenshots (1280x720 pixels). 

When launching the App Store, | noted the window 
opened readily enough but it took around half a minute 
for the apps to appear in the offered categories including 
Game, Relax, and Learn. This apparently is a considerable 
improvement over the previous Pop!_OS store, which 
could take much longerto load. When | attempted to in- 
stall Kalzium (a handy app for displaying the periodic 
table), the Flatpak downloaded and launched in seconds. 
You'll most likely need to make heavy use of this, because 
COSMIC only comes with a handful of preinstalled apps. 
Web browsing is handled by Firefox and email by Thun- 
derbird. There's no productivity software, but you can 
write basic notes using COSMIC Text Editor. Although 
Vim is listed under Utilities, it failed to launch. 

Teething issues aside, it's extremely exciting to have a 
preview of an emerging independent desktop environment. 
The user interface is well laid out and intuitive. | can't wait to 
review the stable version for readers in the near future. 


Project Website 
tips: //system76.com/cosmic, 


Task selector 


Picker 


n the novel The Dice Man, 
] psychiatrist Dr. Luke Rhine- 

hart chooses to start making 
decisions based on dice rolls. He 
begins by writing down options 
for every combination of the dice, 
then conducts his life according 
to the combinations he rolls. 
Over the course of this cult clas- 
sic, his “dicelife” governs his de- 
cision to have an affair (then 
quickly break it off), how he 
spends time with his son, and 
even leads him to kidnap a num- 
ber of psychiatric patients from 
an institution. 

Because it was written in the 
“70s, those who wished to join 
the “cult of the dice” were 
obliged to use pen and paper 
with real dice to give over their 
lives to randomness. Fortu- 
nately, in 2024 developer 


Turn-based strategy game 


Freeciv21 


ost readers will be fa- 
miliar with Freeciv, an 
open source fork of 


Sid Meiler's Civilization |l, which 
was first released in 1996. The 
group of developers who have 
now forked Freeciv call them- 
selves “Longturn.” From visiting 
their si el https://longturn.net.|t's 
clear that these guys take their 
Freeciv seriously, because there's 
extensive documentation on how 
to play games over the course of 
several months. They're also very 
active participants in the Freeciv 
forum, even contributing their 
own patches. 

Of course this begs the ques- 
tion: Why reinvent the wheel? 
Freeciv players have happily 
been nursing their virtual civili- 
zations for 28 years now, so why 
fork the project in the first 
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MezoAhmedll has offered an el- 
egant alternative with Picker. 
The project page modestly de- 
scribes itas “A simple app to 
pick something out of a list of 
things” It's available via Flathub 
and allows users to enter vari- 
ous possible decisions, and 
then have the app choose one 
atrandom. 

To get technical for a moment, 
Picker is written in Python and 
uses the built-in “random” mod- 
ule. This is considered pseudo- 
random in that results are based 
on an algorithm rather than a 
rue source of entropy. Still, if 
you're only using the app to de- 
cide which chores to do or which 
ingredients to use for dinner, 

hen this degree of randomness 
should be sufficient, if not cryp- 
ographically secure. 


place? The project page justifies 
itself by saying Freeciv21, “ex- 
tends [Freeciv] for more fun, 
with a revived focus on competi- 
tive multiplayer environments” 
The site FAQ adds that “Legacy 
Freecivis concentrating on sin- 
gle-player games for the most 
part” 

The game is available via 
Flathub, as well as Snap and 
AUR packages. As with Freeciv, 
your first turn starts at the 
dawn of history (4000 BC). It's 
your responsibility as the player 
to build cities in your civilization 
to support your military and 
economy, all the while engaging 
in warfare or diplomacy with 
rival players. The developers 
claim the code is based on the 
Qt Framework. They also state 
that Freeciv21 supports both 
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Simply enter your possible decisions into Picker. Click Choose to 
select one at random and begin your very own dicelife. 


As one would expect from a Gnome app, the 
interface is clean and intuitive. You can enter 
each task/item into a field, and then press Enter 
to add another. When done, you can click 
Choose to have a field selected at random. You 
can then opt to remove or copy the field, as well 
as dismiss the notification. My only gripe with 
Picker, as per the Flathub page, is that it appar- 
ently requires network access, which doesn't 
seem necessary. 


Project Website 
https://flathub.org/apps/¡io.github.mezoahmedii.Picke 


Freeciv21 offers exactly the same game mechanics as Freeciv, but 
the developers have placed greater emphasis on multiple players. 


hex and square tiles, as well as custom rules. These in- 
clude setting victory conditions in multiplayer games 
with only human players, such as by configuring cer- 
tain diplomatic factors. 

After installing the latest Beta version (3.1), | decided to 
invoke the in-game tutorial to check ifthe mechanics 
were identical to the original Freeciv (they are). The latest 
version also includes some useful tweaks such as allow- 
ing users to press Enter to select items from the main 
menu. Rail and road sprites have received an overhaul, as 
have the borders of certain hex maps. 


Project Website 
ttps://github.com/longturn/freeciv21/ 


83 


Compression utility 


PeaZip 


n September 2006, devel- 
oper Giorgio Tani released 


this powerful cross-platform 
archiving utility. For the benefit of 
younger readers, this was a diffi- 
cult era to navigate. The No. 1 
song playing at the time was the 
Scissor Sisters” “| Dont Feel Like 
Dancin'” | shared this sentiment 
at the time, given | had to rely on 
a multitude of command-line 
based tools in Ubuntu 6.06 for ar- 
chiving and decompressing files. 
PeaZip's main selling point is 
he huge number of file formats it 
supports (234 atthe time of writ- 
ing). There's also improved sup- 
port for reading DMG, IMG, RPM, 
and SQUASHES formats. For 
hose unused to grappling with 
he command-line interface, it also 
offers both GTK2 and Qt5 by way 
of graphical interfaces. The utility 


— 


System information tool 


Fastfetch 


oper Dylan Araps archived the 

GitHub project page to take up 
farming. While we wish him well in 
his agricultural endeavors, active 
development on his standalone 
system information tool ceased 
immediately. Neofetch still exists 
in the repositories of many Linux 
distros, but as time goes on, the 
risk of incompatibility grows due 
to operating system updates. 

The developer page describes 

Fastfetch as “a Neofetch-like tool 
for fetching system information 
and displaying it prettily” It's writ- 
ten mainly in C, which the cre- 
ators claim gives it an advantage 
over Neofetch in terms of speed. 
Fastfetch exists in the reposito- 
ries of most popular Linux dis- 
tros such as Debian, Fedora, and 
openSUSE. In the case of my 


] n late April, Neofetch devel- 
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is available for download in a vari- 
ety of formats from the main site 
including Flatpak, DEB, and RPM. 
Its written in Free Pascal and 
compiled using Lazarus 3.4. 

After installing the DEB GTK2 
build, | decided to overlook the 
Scissor Sisters and test the lat- 
est version of PeaZip (9.9.0) with 
a ZIP file of Mozart's symphonies 
fromlarchive.org According to 
he official release notes, the util- 
ity now has a link to the right of 
he toolbar to allow quick extrac- 
ion of files when browsing ar- 
chives. Upon opening the archive 
in PeaZip, | noticed Extract here 
was present. 

Here l also discovered one of 
he utility's other latest features, 
which allows users to drag and 
drop individual archive files into 
ocations listed in the left-hand 


Ubuntu machine, | was able to 
add the PPA from the main page 
and install without issue. 

If you run fastfetch, the tool will 
display default information such 
as your operating system, kernel 
version, and hardware informa- 
¡on in a very similar way to Neo- 
fetch. Fastfetch uses the JSONC 
or JSON with comments) for 
configuration. Unlike Neofetch, 
here is no default configuration 
file, meaning you have to run a 
specific command to create one 
fastfetch --gen-config). Once 
his is done, there's a huge num- 
ber of customization options for 
he data Fastfetch can display. 
This is covered in the project 
pages extensive documentation. 
The easiest way to get started is 
o run fastfetch -c all to list all 
available modules. 


PeaZip has added an 
Extract here option. 
Users can also now drag. PeaZip is also popular for its abil- 
files into listed locations  ¡tyto encrypt archives. Version 
like Home and Down- 


pane, such as your Home folder. 


9.9.0 has now been updated to 
he 72 24.07, Zstd 1.5.6, and Pea 
1.19 back ends. This increases 
he number of KDF rounds, giv- 
ing much better protection 
against password brute force at- 
acks. Special mention should 
also go to PeaZip's test feature, 
which allows for testing archive 
encryption options. 


Project Website 
https://peazip.github.io/ 


By default, Fastfetch displays system information almost identically 
to Neofetch, but it also has many customization options 


The developers clearly are loyal to their roots, 
demonstrated where the GitHub page ex- 
plains some of Fastfetch's advantages over 
its predecessor. Aside from a high degree of 
customization and better performance, they 
also point out that Neofetch never actually 
supported the Wayland protocol. The great- 
est advantage over Neofetch to me, though, 
is that Fastfetch is actively maintained: At 
the time of writing, the most recent update 
was 12 hours ago. 


Project Website 
ttps://github.com/fastfetch-cli/fastfetch 
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Screenshot tool 


Flameshot 


he project GitHub page 
describes this handy tool 
as "powerful but easy-to- 


use screenshot software. 
Flameshot has actually been 
around since 2021, but it caught 
my eye recently when | discov- 
ered that it now supports the lat- 
est version of Ubuntu (24.04). 

Of course if you already run 
Ubuntu or other versions of Linux, 
your operating system may al- 
ready benefit from a built-in 
screenshot tool. However, Flame- 
shot offers many more custom- 
ization options than just tapping 
PrtScr and hoping for the best. 
The utility is available both as an 
Applmage and as a Snap, but 
when | tried to install via the Snap 
Store, Flameshot refused to load. 
However, the minimal App Image 
(<50MB) opened immediately. 


Pastebin alternative 


TextBin 


4 though[pastebin.comlis 


a popular choice for 

sharing code and other 
text snippets, some Internet 
users worry about uploading 
content to a platform they can't 
control. This has led to the rise of 
a number of open source alterna- 
tives such as AnonPaste, as well 
as this latest offering which de- 
scribes itself as “a privacy fo- 
cused, open source pastebin 
alternative” 

A working version of TextBin is 


available atihttps://app.textbin. 
[heenthusiast dev], This is easy 


to achieve because the source 
code for both TextBin's front end 
and back end are available on 
GitHub. From reading the project 
page, it's easy to see the develop- 
ers, “The Enthusiast/ et al, have 
put some effort into making this 
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While running, Flameshot ap- 
pears as an unobtrusive tray 
icon. This is a big deal for us tech 
journalists who usually want 
readers to focus on the main 
window. Clicking on the icon and 
choosing Take Screenshot dis- 
plays a list of options including 
shortcuts to save images to the 
clipboard or to a file. Users can 
also click and drag the mouse to 
capture a certain area. 

Naturally this in itself offers 
nothing beyond Ubuntu's screen- 
shot tool. However, the Open 
Launcher dialog also allows you 
to customize Flameshot's behav- 
¡orto capture a rectangle or the 
whole screen. You can also set a 
delay which, is incredibly useful 
for taking pictures of features 
such as pop-up dialogs and 
menus. 


pastebin implementation as flex- 
¡ble as possible. 

When | pasted some of my Py- 
hon code into the front end, | 
was also able to set a password 
o protect the post just as with 
pastebin. One crucial difference 
is that TextBin uses end-to-end 
encryption to protect content; 
hough, if you're focused on se- 
curity, you'II likely prefer a self- 
hosted solution. As with paste- 
bin, you can also set posts to ex- 
pire after a certain length of time. 
TextBin also has a toggle switch 
for Syntax Highlighting, though 
when | used the above link to up- 
load said Python code, it ap- 
peared only as plain text both be- 
fore and after submitting. 

That said, the setup process 
was a breeze, allowing quick and 
easy creation of user accounts in 
order to manage content. Special 
mention should also go to the 
Social Media Features, which 
allow other users to like and 
comment on your post. From 


Flameshot's screenshot features are incredibly customizable, 
offering a variety of capture regions and saving conventions. 


Flameshot's Configuration section is equally 
impressive. Not only are there options to custom- 
¡ze the user interface color, but the Filename Edi- 
tor allows fine-tuning of how Flameshot saves 
images. The default is YYYY-MM-DD_Time, but 
this is eminently editable. The General tab also 
allows you to configure key options such as the 
save location (default is Pictures), as well as 
choose your preferred extension. From here you 
can also change the keyboard shortcuts for vari- 
ous operations like saving screenshots to file. 


Project Website 
ttips://flameshot.ora 
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TextBin offers a clean, 
customizable interface 
with client-side encryp- 
tion but syntax high- 
lighting doesn't seem to 
work yet. 


exploring GitHub, | learned the 
TextBin front end is written in 
Next.js with TypeScript while the 
back end is coded in Golang. It 
uses a PostgreSQL database. 
Given the spartan nature of 
most pastebins, | was also im- 
pressed to see the front end 
has a number of visual inter- 
face options including a GitHub 
ight and dark theme, as well as 
more exotic options such as 
“Hacker Blue.” 


Project Website 
tips://github.com/The-Enthusiast-404 
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Mastodon client 


Tuba 


orthose who are new to 
Mastodon, it's the open 
source answer to X/Twit- 


ter. Like X, the software supports 
microblogging, but it differs by fol- 
lowing a federated model. Mast- 
odon runs on a number of inde- 
pendent nodes, much like the so- 
cial network diaspora*, which l've 
had the honor of reviewing twice 
for Linux Magazine in the past. 

Tuba's tagline, on the project 
page by developer Evan Paterakis 
(aka GeopJr), is "Browse the Fedi- 
verse” It's currently available for 
download both as a Flatpak and a 
Snap package. When reviewing cli- 
ents such as these, my main inter- 
est is in focusing on the features it 
offers above and beyond simply 
using your browser. For instance, 
my Windows laptop is constantly 
badgering me to install the dedi- 
cated WhatsApp desktop client. 
But because it doesnt seem to 
offer much over the web portal, | 
simply access WhatsApp via a 
browser tab. 

Tuba is a fork of a previously de- 
funct Mastodon client named Too- 
tle and is written in Vala. On first 
launch of the Flatpak, the app 
prompts the users to enterthe 
Mastodon server (in my case 
mastodon.social). This automati- 
cally launches a login prompt in 
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Tuba's search feature is much cleaner and tidier than that offered by the main site. It also shows bio texts in 


search results. 


your default browser. On signing 
in, you're asked to grant Tuba full 
access to your Mastodon account, 
as well as grant read and write per- 
missions for mutes and blocks. 
The browser then returns users 
to Tuba and displays the main ac- 
count page. The main window 
displays posts from your own ac- 
count and others you're following. 
Previously these were known as 
“toots” in juxtaposition to Twitter's 
“tweets/ but the term was retired 
in 2022 due to its scatological 
connotations and “posts” is often 
now used instead. The left-hand 
pane offers further options. Some 
of these are obvious such as 
Home and Notifications. The Con- 
versations option confused me, 


Tuba's interface is spartan and so easier to navigate than Mastodon's website. Use the button at 
the bottom right for new “toots.” 
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because there seems to be no corre- 
sponding feature on the main site. | 
can only assume it is the same as 
Private Mentions. 

| used the search feature both in 
Tuba and on the Mastodon website 
to run a search for everyone's favor- 
¡te cyberpunk adventure, Beneath a 
Steel Sky. Both the website and 
Tuba displayed the results in the 
main window and offered to filter by 
accounts, posts, and hashtags con- 
taining the search term. However, | 
must say | preferred how Tuba 
placed these options unobtrusively 
atthe top of the window only. The 
website, on the other hand, inserted 
hem into search results. Tuba also 
included the bio text for profiles, so 
it was easier to see why they'd ap- 
peared in my search. 
When it comes to posting, | favored 
he website, however, because 
here's a dedicated section on the 
main page to type and post your text. 
n Tuba you need to invoke a new 
window, which obscures the main 
one. | also couldn't find an option in 
Tuba for “Quiet Public” posts (i.e., 
those that are public but excluded 
from newsfeeds, hashtags, and so 
on). Nevertheless, | found myself 
drawn to Tuba for its simple, tidy in- 
terface so would encourage all Mast- 
odon users to take it for a test run. 


Project Website 
https://github.com/GeopJr/Tubal 
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VPN client 


Proton VPN 


eaders may recall the 
glowing review | gave 
the Proton Pass pass- 


word manager in Linux Maga- 
zine issue 286. Proton has cer- 
tainly come a long way from 
being only a Swiss email pro- 
vider. Proton's developers make 
a point of open sourcing virtu- 
ally all their software, including 
their VPN client. 

While Proton VPN has always 
offered a free tier, previously the 
dedicated browser extension for 
Chromium-based browsers and 
Firefox was for paid subscribers 
only. The extension has now 
been made available to all users, 
though in my experience the cli- 
entis always safer because it's 
less prone to DNS leaks. In early 
August, Proton announced that 
VPN servers will now be 


Ping utility 


Echo 


eveloper Angelo Rafael 
(also known as lo2dev) 
states on his GitHub 


page, “Il have ideas in my head. 
There's a small chance they're 
going to be realized.” Echo is 
seemingly one of the lucky few to 
make it. This simple utility de- 
ploys GTK4 and Libadwaita to 
ping websites. Currently, pre- 
compiled binaries are only avail- 
able via Flathub. 

Command-line lovers may balk 
at the idea of a dedicated utility, 
given that it's simple enough to 
open the terminal and enter the 
ping command. Moreover, cer- 
tain versions of Linux, like my 
own install of Ubuntu 24.04, re- 
quire elevated permissions to run 
ping, as Echo alerted me on first 
launch. Fortunately the devel- 
oper page lists the two simple 
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available in 12 new countries, 
which appear at the bottom of 
the Freedom House Freedom in 
the World index. 

This is due to the client's 
“Smart Routing” feature which, 
as far as | can tell, involves offer- 
ing virtual VPN server locations. 
This isn't problematic in itself but 
naturally you won't experience 
the same kind of performance as 
with bare metal servers. This can 
apparently be mitigated by the 
“Proton Accelerator; which 
boasts improved speeds of up to 
400 percent. The main site is 
very thin on technical details, so | 
encourage readers to do their 
own research. 

If you're willing to create an on- 
line account, you can download 
and use the client at no cost. 
There are a limited number of free 


commands required for manual 
setup to get Echo working. 
As a Gnome app, Echo offers a 
basic, user-friendly interface. The 
main page simply has a text box 
for a web address and a simple 
Ping button. If you choose this, the 
utility will immediately ping the ad- 
dress and reports back on ¡ts suc- 
cess (or lack thereof). You can 
also click into Advanced Options to 
change the number of pings (the 
default is four), alter the ping inter- 
val (default is 1.0 seconds), and 
even change the timeout (default 
is 2.0 seconds). From here you 
can also enter a “source” IP ad- 
dress, as well as switch the “fam- 
ly” between IPv4 and Ipv6. 
With these options configured 
o your needs, Echo will then dis- 
play a colorful readout announc- 
ing a particular domain is dead 
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The free tier of Proton VPN offers servers in the US, Japan, and the 
Netherlands. Upgrade for more locations and the kill switch. 


servers, clustered in the US, Neth- 
erlands, and Japan. | also couldnt 
activate the client kill switch using 


he free VPN tier. Th 
tested Proton VPN 


eak. My only major 


1 


at said, when 
by visiting 


https://ipleak.net/it displayed the 
US server's IP It also wasn't sub- 
ject to the aforementioned DNS 


complaint is 


hat Proton's “Stealth” protocol still 


hasn't made it to the Linux client. 


Project Website 
tips: //protonvpn.com 


If you only need to run a basic ping, the command-line interface may be 
a better choice, but Echo makes it easy to configure advanced options. 


or alive. Assuming the domain is live, you'll 


also see a readout of the minim 


um, average, 


and maximum ping response times. The re- 
sults also include the number of packets sent 


and received as well as any pac 
played as a percentage. While E 
like overkill for basic ping opera 


ket loss, dis- 
cho may feel 
ions, when it 


comes to advanced options such as specify- 
ing the timeout and source, it could save 


users time relative to writing ou 
terminal commanads. 


Project Website 
tips://github.com/lo2dev/Echo 
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Exploring the Yaz1 console-based file manager 


Organizer 


This fast and flexible file manager offers command-line speed with some 


GUI-like conveniences. BY MARCO FIORETTI 


ext-based file managers are so fast and 
l flexible that even if every Linux user ran 3D 
desktops on state-of-the-art hardware, they 
would still play an important role in every Linux 
distribution. A great proof of this fact is one of the 
latest and most promising members of this family, 
a young multiplatform project called Yazi [1]. 
There are at least two excellent reasons for 
using Yazi in this graphics-first age. The first 
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Figure 1: Midnight Commander still works perfectly, but cannot directly display non-text files. 


reason is that Yazi is really fast. Sure, processors 
are powerful and RAM is cheap these days, but a 
file manager that is light on resources is fully us- 
able even when your computer is performing a re- 
source-heavy task, like ray tracing. A text-based 
file manager can also serve as a precious disaster 
recovery tool when things go bad. 

Another reason to try Yaziis that it narrows the 
usability gap between GUI file managers and leg- 
acy command-line tools. For instance, Yazi can 
display thumbnails ofimages and other files that 
are not plain text, instead of merely listing the file's 
(often unhelpful) name. 

With tools like the venerable Midnight Com- 
mander (Figure 1) [2], you need to launch external 
programs to see what an image actually is, which 
can considerably slow down your workflow. 
Yaziis not the only program that can display 
images inside the Linux terminal, but in my experi- 
ence, it is the one that does it best. As you can 
see in Figures 2, 3, 4, and 5, Yazi displays usable 
previews of many kinds of files directly in its own 
window. 

Yazi can also work in multiple tabs, and the fact 
hat it performs all the most common file man- 
agement operations efficiently makes this project 
even more interesting. 


Mi 3058700 135317. | 
Figure 3: Yazi makes managing images in the Linux 
terminal very efficient. 
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Architecture 
One main reason for Yazi's speed is that it does 


a lot of things in small chunks and in parallel. 
The whole program is designed to work asyn- 
chronously [3], which makes it a worthwhile 
choice for every beginner programmer to prac- 
ice on. Every task is handled independently, 
with a scheduling algorithm that decides which 
ask should run in any moment, according to ¡ts 
complexity and urgency. Practically every task, 
from moving or displaying files to processing 
heir content with external commands, is dis- 
ributed across multiple threads and handled in 
a non-blocking manner. 

Ifa task is stuck, you can terminate it in a task 
manager pop-up window without affecting other 
operations, and if there are tasks still running 
when you want to quit, Yazi will ask for confirma- 
tion (Figure 8A, later in this article). 

Other optimizations include a highly optimized 
file-sorting algorithm, independent rendering of 
components as progress bars, and caching the 
state of every directory that is visited. 

Thanks to this architecture, in every moment 
Yazi only does the minimum amount of work 
that's really needed to make the user happy, if 
possible even before the user actually needs it. 

For example, Yazi preloads the list of all the files 
inside a directory in the background, but when 
some of those files change, it only updates their 
data, rather than re-reading the whole directory. 
When working in directories that contain hun- 
dreds or thousands of files (which is one reason 
why | tried Yazi myself), Yazi only parses their 
content in chunks that your terminal can display. 

Thatis, if your terminal size and font are such 
that it can only display 20 files at a time, Yazi will 
also load the main properties of those 20 files, 
and possibly of the next 20, but not more. Why 
bother to process files the user may never come 
to browse? To make things even faster, Yazi can 
quickly discard every file preview it has started to 
generate if you stop scrolling through a long list of 
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Figure 4: After installing Glow, Yazi highlights Markdown 
files just like it does with source code. 
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files and resume those tasks as soon as you 
begin again. 

The same happens when highlighting source 
code (Figure 6): Yazi prepares those previews 
asynchronously, but with the same approach it 
uses with file listings, avoiding work that may 
never be seen. Rather than processing an entire 
file to highlight its code and displaying just the 
part that will fit in the terminal window, Yazi 
parses only the number of lines that will be 
actually visible and does the rest (in chunks of 
the same size) only if the user actually scrolls 
down to see them. 

While | cant show this with static screenshots, | 
assure you that everything is fast and smooth: 
When | was scrolling through the file list in the left 
pane of Figure 3, the right pane passed from one 
thumbnail to the next just as quickly without a 
hitch, unless | was scrolling really fast. And even 
when | did that, Yazi would just stop showing the 
thumbnails, to resume immediately as soon as | 
slowed down. 


nstallation and Dependencies 

Now let's talk about the least satisfying part: 
the installation of Yazi and everything it needs 
to really deliver all it promises. 

In an ideal world, you could install (and up- 
grade!) native . deb or similar packages of both 
Yazi and all its dependencies, with just one call to 
distribution-wide package managers like apt-get, 
and maybe one-time configuration of third-party 
repositories, happily ignoring how those packages 
were developed. 

These days, more and more developers, instead 
of releasing . deb, .rpm, or similar packages of their 
application, only use tools like Snap, which work 
on their own, or a language-specific package 
manager. Meaning that if a Python program de- 
pends on a Perl program that depends on a Ruby 
program, you must use pip, then ppm, and then 
rubygems, after figuring out the dependencies 
yourself. Not good, if you ask me [4]. 
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Figure 5: The tool took longer to set up previews of ePUB ebooks. 
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Yaziis a good example of this trend. Getting it 
and all its dependencies set up and running is a 
multistep procedure, which is nat difficult, after all, 
but still took me about an hour and a half of web 
searches and terminal commands to complete on 


Don't worry, though! Thanks to this tutorial, the 
whole process should take much less time for 
you, even if on some distributions some steps 
may take slightly different forms. Then again, by 
he time you read this, some steps may not even 


my Ubuntu 22.04 LTS desktop. be needed anymore! 

On with the installation: Yazi itselfis a bundle of 
wo Rust programs called yazi and ya. The first is 
he actual file manager shown in the figures of 
his article. The second, described in the “Ya and 

A: he Future of Yazi” box, is its command-line pack- 
ey aid € Fi age manager and “remote controller” 

BE — You may download official Yazi binaries for 
other platforms from GitHub Releases, and, ac- 
HOC scordingtothe homepage, a Snapcraft package 
Figure 6: In Yazi you can quickly scroll big source files in for Linux is available. However, | could not find 
any language, with proper syntax highlighting. it at the time of writing, so | went with the rec- 
ommended procedure to install on Linux the 
stable version of Yazi [5]. First, because Yazi 
is written in Rust, | installed the latest stable 
releases of the official compiler for the Rust 
programming language and its own package 
manager, Cargo: 


Ya and the Future of Yazi 


Yazi comes with another program called ya that, as the project matures, 
may become more and more important. For ordinary users, ya is only 
needed to install some plugins with its “pack” option, as in these exam- 


ples (type ya --help to see all the available options): A ES 


Ibttps://sh.rustup.rs] | sh 


> ya pack -a <PACKAGE> ttadd a package 


> ya pack -1 $ list all packages This command, which downloads and directly exe- 
cutes a shell script from the rustup website, installs 
all the metadata and tools needed to install Rust pro- 
grams in $HO0ME/. rustup, and all the Cargo tools and 
catalogs inside $H0ME/. cargo. The same shell script 
will also add the directory$H0ME/.cargo/binto the 
$PATH environment variable. 

When the Rust tools are available, you can run 
these two other commands at the prompt, first to 
make sure your local Rust environment is up to 
date, and then to finally install the two Yazi pro- 
grams | already mentioned: 


> ya pack -u + upgrade all packages 


In perspective, the main purpose of ya, or in any case its most interest- 
ing one, is to provide an interface to Yazi's data distribution service 
(DDS) [13]. Quoting from Yazi's home page, this system is “designed to 


achieve communication and state synchronization between multiple 
Yaziinstances, as well as state persistence”” In practice, itis an interface 
that makes it possible for different Yazi instances to talk to each other, 
but above all to control Yazi from external programs, be they shell 
scripts or anything else. 


In the DDS model, different instances of Yazi can exchange messages 
in real time, or store them until a new instance starts. The DDS sub- 
commands that ya accepts are pub, pub-to, and sub, which are used re- 
spectively to publish a message to the current instance, to a specific 
one when there is more than one running, or to subscribe to messages 
from all remote instances. You may use the --help option to check the 
options available for each subcommand, as in ya pub --help. Because 
the whole DDS infrastructure is in constant development and only nec- 
essary for very advanced usage of Yazi, please consult the website for 
more details. 


> rustup update 


> cargo install --locked yazi-fm yazi-cli 


On my Ubuntu desktop, on which | had never used 
anything Rust before, those commands ran with- 
out any error, leaving the two Yazi programs in- 
stalled in the folder $H0ME/. cargo/bin. That said, 
they took several minutes to do it, downloading 
and installing several hundreds of small Rust 
packages of all sorts before Yazi. 


Listing 1: Úberzug++ Installation Procedure 


> echo 'deb [http://download. opensuse.org/repositories/home:/Justkidding/xUbuntu_22.04/] 
home: justkidding.list 


' | sudo tee /etc/apt/sources.list.d/ 


> curl -fsSlí https://download. opensuse.org/repositories/home: justkidding/xUbuntu_22.04/Release. ke] 
tee /etc/apt/trusted.gpg.d/home_justkidding.epg > /dev/null 


| gpg --dearmor | > sudo 


> sudo apt update 


> sudo apt install ueberzugpp 
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Listing 2: Glow Installation Procedure 


> sudo mkdir -p /etc/apt/keyrings 
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> curl -fsSL[Https://repo.charm.sh/apt/gp8.Key | sudo gpg --dearmor -o /etc/apt/keyrings/charm. gpg 
> echo "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/] * *" | sudo tee / 


etc/apt/sources.list.d/charm. list 


> sudo apt update €ge sudo apt install glow 


Now, the dependencies: To do really everything 
it can do, Yazi needs (besides utilities surely 
available in every Linux distribution such as the 
file command) many other programs, including 
but not limited to fd and rg to find files and 
search their contents, fzf and zoxide for more 
efficient navigation across directories, plus sepa- 
rate programs for every file format you want to 
preview in the terminal running Yazi. 

However, tools like rg or zoxide are independent, 
relatively complex programs that many users may 
not need. Above all, they are tools that are much 
better to try and learn on their own, right at the 
command line, before embedding them inside 
Yazi or anything else. Moreover, they are tools that 
(once you already know Yazi) are as easy to inte- 
grate with Yazias the previewers | discuss next, ¡f 
not easier. 

Therefore, in this tutorial, | focus on the preview- 


ers as the first real val 
any Case the one that 
¡al users would want 


hat you can install w 
being often just front 


ue that Yazi provides, and in 
he great majority of poten- 
o try to use first. 


Some of those previewers are Yazi plugins 


ith the ya program but, 
ends to third-party utili- 


ies, still require additional work to function. 
Personally, | did not have to do anything to pre- 
view PDF files as shown in Figure 2, because 
he PDF viewer that Yazi requires, Popper, is in- 
stalled by default on Ubuntu. 

To see previews of the other file types | man- 
age more frequently, namely images, Markdown 
exts, and ebooks in ePUB format, | had to work 
as follows. 

After reading some documentation, | realized 
he first tool | (and probably almost everybody 
else trying Yazi) wanted to install was Úberzug++ 
[6], the currently supported version of a com- 
mand-line utility capable of displaying images in- 
side almost all terminals. The best way | found to 
install this tool on Ubuntu was to set up the repos- 
itory available atlopenSUSE oral[7], which also of- 
fers Fedora and Debian packages. On Ubuntu, | 
used the instructions in Listing 1 to manually add 
he Úberzug++ repository to my list of approved 
package sources, download the corresponding 
digital signature with cur1, load all the changes in 
he APT package-management databases, and 
hen finally install the tool. After doing that, Yazi 
could show images as shown in Figure 3. 
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In order to see scrollable, nicely formatted pre- 
views of the Markdown source files of my blog as 
shown in Figure 4, | had to install the command- 
line Markdown renderer called Glow [8]. This is 
good, because Glow is a standalone program that 
can be used to directly preview Markdown files at 
the command prompt. On Ubuntu, the recom- 
mended procedure to install Glow is substantially 
identical to the one | just described for Uberzug++ 
but takes the form of Listing 2. 

The good part of this work is that from now on 
every time | run an apt upgrade command, both 
Uberzug++ and Glow will be upgraded regardless 
of which language they're written in, which is ex- 
actly how package management on Linux should 
always work. 

The process to make Yazi display the covers 
of ePUB files is more complicated (Figure 5), 
because it requires downloading a Yazi plugin 
called epub-previeu [9], which in turn depends on 
the generic ePUB thumbnail generator called 
epub-thumbnai ler [10], which in turn requires 
Pillow [11], a fork of the Python Imaging Library. 

So the actual Yazi plugin must be copied in your 
Yazi plugins directory via git: 


> git clone[https://github.com/kirasok/epub2 
preview.yazi.git */.config/yazi/plugins/epub-2 


preview.yazi 


For Pillow, you must use the Python package 
manager pip3: 


> pip3 install Pillow 


and then you can download the file install. py 
from the ePUB thumbnailer website and run it 
with Python: 


> sudo python3 install.py install 


The reward for all this hassle is that the ePUB 
thumbnailer will also be usable by any other file 
manager you'd like to run, graphical or not. 


Configuring Yazi 

Installing Yazi plugins as | just explained isn't 
enough to actually use them. You must explicitly 
tell Yazi which plugins are available and on which 
files they should work as in Listing 3, which shows 
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Listing 3: Plugin Section of the Yazi Configuration File. 


[plugin] 

prepend_previewers = [ 
Í mime = "application/epub+zip", run = "epub-preview" ), 
íÍ name = "*.má"”, run = "glow" ? 


the section of the configuration file (by default 
$HOME/. config/yazi/yazi.toml) that enables the 
previewers of ePUB and Markdown files. The two 
settings inside braces have the same syntax: First 
they define which file type they apply to, and then 
(the run = "epub-preview" part) which plugin 
should be used to display them. The only differ- 
ence is that epub-previeuw is activated by the MIME 
type of a file, and Glow by its extension ('*. md"). 


Using Yazi 

Once plugin configuration is over, you can start 
he file manager by typing yazi in your favorite 
erminal. The screenshots in this tutorial all show 
Yazi running in a Terminator tab, with a white or 
ight yellow background. In that environment, 
when it's not showing any files, Yazi looks like the 
hree-pane layout of Figure 7. 

In my opinion, there are four things you should 
know before starting to run Yazi. The first time 
you type yazi, add the --help switch to see all the 
available command-line options. One that may be 
useful if you plan to integrate Yazi in your own 
scripts as part of a larger workflow is --cud-f11e 
<LAST_CHD>, which writes to a new file called LAST_ 
CWD (current working directory) the last directory 
Yaziwas in when you told it to exit. 

The second thing to know ¡is that what | just said 
is one workaround for something that Yazi cannot 
do by itself but which may confuse first time 
users: In and of itself, this file manager has no 
way to communicate which directories it visits 
to the shell (or script) in which you run it. 

If, for example, you start it by typing yazi in 
your home directory, then move inside Yazi to 
any other folder, say /tmp, and then quit the 


Figure 7: The three-pane interface for Yazi, which you can clone in multiple tabs. 
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program, you will find yourself in the home di- 
rectory again, which may or may not be how you 
expect a CLI file manager to work. If this is a 
problem for you, the real fix is to not launch Yazi 
directly, but to run it from the shell wrapper pro- 
vided by the developers [12]. 
The third thing to know ¡is that Yazi has a lot of 
commands, each with its own keyboard shortcut. 
| have collected the most essential commands in 
Listing 4, but there are many more which you can 
see inside Yazi by pressing the tilde key. In fact, | 
would recommend new users, until their muscle 
memory has absorbed all the commands they 
need, to run two copies of Yazi in two distinct ter- 
minals, side by side: one just to have the whole list 
of commands always visible, and the other to do 
the actual work, without ever interrupting it to 
check which key one should press. 
You can modify the key bindings as you wish, 
by redefining them in a dedicated file called 
keyboard. toml, as described in the online manual. 
Fourth, as | mentioned, Yazi has tabs which are 
labeled with progressive numbers. You can create 
a new tab by pressing t, close it pressing CTRL-c, 
and switch to any tab in any moment by just typ- 
ing its number. Alternatively, you can switch be- 
tween the current tab and the previous or next one 
by pressing the square bracket keys. 
You can create new files in the current folder by 
pressing a (as in “add, Figure 8B), and open them 
by pressing o. Uppercase O gives you more 
choices, for example, to see file metadata, in addi- 
tion to just opening it with your system default ed- 
itor (Figure 8C). 


Listing 4: Essential Yazi Keyboard Shortcuts 


a add, that is create 
(a folder, with trailing slash) 


r rename 
. View or hide hidden files 
ESC cancel file selection 


CTRL-r reverse file selection 


y Copy 

x cut 

p paste 

P paste,overwriting if destination exists 
d send to trash binaries 


D delete permanently 
CTRL-a select all files 


; run a shell command (non blocking mode 


: run a shell command (blocking mode) 


w show the task manager 


a quit 


A Ñ_—_ _—u—__—__—_——— 
| s0me- ñew- file. sd 


[ (government 


Figure 8: Some of the pop-up dialog windows that Yazi opens when managing tasks and files. 


The more files or subdirectories there are in a 
directory, the more sense it makes to use a text 
file manager to browse them. At that point, how- 
ever, itis crucial to be able to sort them in several 
ways. In Yazi, sorting commands start with a 
comma, after which you can type m and c to sort 
by modification or creation time and a and s in al- 
phabetical or size order. The uppercase versions 
of the same letters do the same sortings, but 
reversed. 

Filtering files is equally efficient. If you want to 
filter all and only the files whose names contains 
a given string, (e.g., “government” in Figure 8D), 
press fand start typing that string. Yazi will im- 
mediately show only the files that match that 
pattern, restricting the selection as you continue 
typing. Once you see all the files you want to fil- 
ter, you can press n or N to move to the next or 
previous file. 


Themes, Flavors, and More Plugins 
Personally, | like how Yazi looks out of the box, 
including its header and mode lines (the top and 
bottom rows of the terminal window in which 
Yazi runs), with just the right sizes and amount 
of information. If you dont like those lines, you 
can easily customize them following the exam- 
ples in the official documentation, or even inter- 
actively during a session, for example, by typing 
mp to make the mode line show file 
permissions. 

Itis possible to further customize Yazi's look 
and feel with themes and so-called “flavors,” but 
this is maybe the least important reason to use 
it, at least in the near term. At the time of writ- 
ing, the themes section of Yazi's website con- 
tains just a few themes, which | would describe 
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as “some dark, some light.” After trying one or 
two, | honestly felt no reason to load any of 
them, because the default interface seems per- 
fectly useable as-is to me. Even the default con- 
sole icons shown in Figure 9 are nice enough to 
leave them as is as far as l am concerned. That 
said, here is what you need to know if you want 
to make changes. 

In Yazi, a flavor is a complete combination of cus- 
tom settings for fonts, typefaces, background col- 
ors, icons, and similar items that is stored in its own 
file inside the directory $H0ME/. config/yazi/flavors. 

A theme, instead, is whatever is defined in the file 
$HOME/.config/yazi/theme.tom!, which may contain 
the instruction to use a certain flavor. For example 


[flavor] 


use = "catppuccin-latte" 


plus any other extra customization of it. Because 
settings inside the theme. tom! file always override 
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Figure 9: Yazi shows what kind of document each file is 
with nice little icons (for folders, images, and PDF, Mark- 
down, or plain-text files). 
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the corresponding settings in a flavor file, this 
structure lets the user download and update pre- 
made flavors from Yazi's GitHub page automati- 
cally with git, while guaranteeing that every cus- 
tomization they explicitly defined is preserved. 

Plugins are much more interesting than themes 
because they are in no way limited to previewers. 
There are many more to choose from, most being 
of the type that is completely unnecessary for 
many users, but a lifesaver for others. As exam- 
ples (check the website for the complete, up-to- 
date list!), let me note yat line to customize the 
header and status lines, exifaudio to display the 
metadata and covers of audio files, and of course, 
previewers for many other types of file formats, 
from torrents to JSON, CSV, and Jupyter note- 
books too! 

There is also an rsync front end that creates a 
pop-up window like the ones in Figure 8, in which 
you can enter a folder, the remote server it should 
be synchronized to, and the corresponding user- 
name and password. 


Conclusions 

Yaziis a very young project and it shows. The 
task manager interface is still limited. | noticed 
that in multitab terminals such as Terminator, 
Yazi graphic previews (the images in Figures 2, 
3, and 5) appear in all the tabs of Terminator, 
not just the one where Yaziis running. Besides, 
| haven't found previewers for HTML and Open- 
Document files, which | would have really 
appreciated. 

An even more important issue may be the fact 
that, at least until it's available with all the pre- 
viewers as one or more native Linux packages, it 
may not be suitable for older or single-board com- 
puters without enough disk space and memory to 
install it from sources, as | described. In those 
cases, tools like Midnight Commander would be 
better. 

Even so, Yazi already does most things most 
users with lots of files need to do anyway and 
does them much faster than graphical file manag- 
ers. Give ita try! aun 
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4287/October 2024 


Many Linux users are intrigued by Large Language Model (LLM) tools like ChatGPT, but if you 
really wantto be methodical about testing and experimenting, why get tangled in the cloud? 
Ollama lets you run LLMs locally on a home computer. 


On the DVD: Debian 12.6 and Clonezilla 3.1.3-16 


1236/September 2024 
Git Ready 


The Git version control system is an integral part of the Linux environment. If you're looking 
for a better foundation in Git, or if you already know the basics and are ready to start building 
Git into your own custom apps, we'll make you Git ready. 


On the DVD: openSUSE Leap 15.6 and Tails 6.4 


++285/August 2024 


Lux 


Kernel Expoilts 


Is Linux secure? Only if you keep up with the patches. This month we take a close look at how 
intruders attack unsafe versions of the Linux kernel through known and well-publicized exploits. 
We'll show you how to set up your own out-of-date kernel to practice on, and we'll introduce 
you to some of the tools and techniques attackers use to gain root access. 


On the DVD: AlmaLinux 9.4 Boot DVD and Fedora Workstation 40 Live 


++284/July 2024 
Laptop Security 


In the scary world of the Internet, “more secure than Windows” still isn't secure enough. lf 
you want to keep your traveling systems safe from the clutches of the espionage economy, 
you'll need some extra help. We show you how to outfit your laptop with the extra defenses 
you'll need for life on the road. 


On the DVD: Ubuntu Budgie 24.04 LTS and Rescuezilla 2.5 


1283/June 2024 


Al Tools 


Everyone is fascinated with Al right now, but at the end of all the articles and interviews and 
research, itis fair to ask, what can | do with it really? This month we highlight some Al-based 
tools that will help you build your own chatbot, sharpen photo images, and more. 


On the DVD: Nobara 39 and Manjaro 23.14 Gnome 


4282/May 2024 


The D-Bus architecture creates a powerful channel for applications to communicate. A 
deeper understanding of D-Bus will help you with troubleshooting. Also, if you know how 
D-Bus works, you can customize the interaction of audio tools, text editors, and other apps 
to save time and simplify your life. 


On the DVD: Kubuntu 23.10 and Clonezilla Live 3.1.2-9 
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FEATURED EVENTS 


Users, developers, and vendors meet at Linux events around the world. 
We at Linux Magazine are proud to sponsor the Featured Events shown here. 


For other events near you, check our extensive events calendar online at 


https://www.linux-magazine.com/events. 


If you know of another Linux event you would like us to add to our calendar, 


please send a message with all the details to|infoWlinux-magazine.com. 


Date: November 8-9, 2024 


Location: Bolzano, Italy 
Website: https://www.sfscon.it 


The South Tyrol Free Software Confer- 
ence, SFSCON, is one of Europe's most 
established annual conferences on Free 
Software. SFSCON promotes the use of 
Free Software in digital infrastructures 
as atoolto achieve greater innovation 
and competitiveness. Join decision- 
makers and developers to learn and 


Date: November 17-22, 2024 


Location: Atlanta, Georgia 
Website: https://sc24.supercomputing.org 


Atlanta is the place to be this fall as the 
high performance computing community 
convenes for an exhilarating week of 
sessions, speakers, and networking at 
its finest. SC is an unparalleled mix of 
thousands of scientists, engineers, 
researchers, educators, programmers, 
and developers and who intermingle to 


State of Open Con 2025 


Date: February 4-5, 2025 


Location: London, United Kingdom 
https://stateofopencon.com, 


Save the date for the UK's open 
technology conference focused on open 
source software, open hardware, open 
data, open standards, and Al openness. 
SOOCon provides an opportunity for 
people to come together and have a 
joint learning experience with some of 
the world's leading open source 


get inspired. learn, share, and grow. experts. 
WM Events 

SOSS Fusion 2024 Oct 22-23 Atlanta, Georgia 

All Things Open 2024 Oct 27-29 Raleigh, North Carolina 

SOSS Community Day Oct 30 Tokyo, Japan 

PyConFR 2024 Oct31-Nov3 Strasbourg, France 

2024 WISH (Women in Nov 7 San Jose, California 

Semiconductor Hardware) 

Nerdearla Mexico Nov 7-9 Mexico City, Mexico 

SFSCON 2024 Nov 8-9 Bolzano, Italy 

SeaGL 2024 Nov 8-9 Seattle, Washington 

FOSSCOM 2024 Nov 9-10 Thessaloniki, Greece 

KubeCon + CloudNativeCon Nov 12-15 Salt Lake City, Utah 

North America 

RubyConf 2024 Nov 13-15 Chicago, Illinois 

SC24 Nov 17-22 Atlanta, Georgia 

Open Source Monitoring Conf. Nov 19-21 Nuremberg, Germany E 

PyCon AU 2024 Nov 22-26 Melbourne, Australia z 

Cephalocon Dec 4-5 Geneva, Switzerland - 
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3 
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CodeMash Jan 14-17 Sandusky, Ohio , 
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